An AI tool just caught what could have been one of the most dangerous exploits in XRP Ledger history. And nobody lost a single token.

On February 19, 2026, security researcher Pranamya Keshkamat and Cantina AI's autonomous tool Apex discovered a critical flaw inside the XRPL Batch amendment's signature validation logic. The bug was sitting inside rippled 3.1.0. It had not activated on mainnet yet.

The Flaw That Could Steal Without Your Keys

The vulnerability sat inside a signer validation loop. When the loop encountered a brand-new account whose signing key matched its own address, it declared success immediately and stopped checking. All remaining signers got skipped entirely.

That early exit was the problem. An attacker could slip a forged signer entry for any victim account right after a new account entry. The loop never reached it.

The exploit path was clean. An attacker builds a batch transaction with three inner transactions: one that creates a new account they control, one small transaction from that account to lock it as a required signer, and one payment draining the victim. Two signer entries go in. The first is legitimate. The second falsely claims to authorize the victim account, signed with the attacker's own key.

The new account doesn't exist at validation time. The loop exits after entry one. The victim's payment goes through without their private keys ever touching the transaction.

According to the official vulnerability disclosure published by XRPL Labs at xrpl.org, a successful large-scale exploit could have drained victim accounts down to reserve levels and submitted AccountSet, TrustSet, and potentially AccountDelete transactions without authorization.

Must read: Crypto Hackers Target Trezor and Ledger Users by Mail

AI Caught What Manual Review Missed

Cantina AI's Apex tool found this through static analysis of the rippled codebase. As ">@hrkrshnn posted on X, their autonomous bug hunter Apex found the security bug in Ripple's upgrade and responsibly disclosed it. The bug has since been fixed and acknowledged in Ripple's GitHub release notes, with no funds ever at risk.

Ripple engineering teams validated the report the same evening with an independent proof-of-concept. Remediation started that night.

UNL validators were contacted immediately and advised to vote against the Batch amendment. The amendment was already in its voting phase. It had not reached mainnet activation.

You might also like: Solana Hack Shutdown Kills Step Finance, SolanaFloor Forever

The emergency release, rippled 3.1.1, published February 23, 2026. It marks both Batch and fixBatchInnerSigs as unsupported. Validators cannot vote for them. They cannot activate.

As ">@Vet_X0 posted on X, a bug bounty report caught the Batch bug before activation, with a new XRP software update expected that week deprecating the amendment. A follow-up update carrying the fully corrected BatchV1_1 amendment was flagged as the logical next step, though no timeline was confirmed.

What Comes After the Emergency Patch

The full logic fix goes deeper than the emergency release. It removes the early-exit behavior, adds authorization guards, and tightens the scope of the signing check altogether. That corrected version ships under a new amendment name: BatchV1_1. It is still under review. No release date is set.

XRPL Labs also confirmed plans to add AI-assisted code audit pipelines as a standard review step going forward. Static analysis coverage will extend specifically to flag premature success returns inside signer-iteration loops, the exact pattern that caused this.

You might also like: XRP Gartley Pattern Forms Near $1.30 Support

The broader XRP Ledger remained secure throughout. No mainnet funds were at risk at any point. Validators moved fast. The responsible disclosure process worked exactly as it was supposed to.

Also worth watching: Ripple Price Analysis: XRP Key Levels After 20% Bounce