XRP News: AI tool catches bug that could have drained Ripple-linked token from wallets
Summary
An autonomous AI security tool named Apex, developed by Cantina AI and Pranamya Keshkamat, identified a critical vulnerability in the XRP Ledger's pending Batch amendment on February 19. This bug resided in the signature validation logic and could have enabled an attacker to steal funds from any account without needing the victim's private keys. The exploit involved constructing a batch transaction where an early exit in the validation loop, triggered by a non-existent new account's signature, bypassed verification for subsequent malicious transactions, like a payment from the victim. Since the amendment was only in the voting phase, no funds were actually at risk. Ripple's team validated the proof-of-concept the same evening, leading validators to immediately vote against the amendment. An emergency release, rippled 3.1.1, was published to block the amendment's activation. XRPL Labs plans to integrate AI-assisted code audits into its standard review process following this incident.
(Source: CoinDesk)
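The early-exit flaw described in the summary, shown beside a hardened loop as a toy model. This is an added example, not rippled code: the ledger, the function names and the use of HMAC as a stand-in for real signatures are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy ledger: existing account -> its key (hypothetical data).
LEDGER = {"victim": b"victim-key"}


def sign(key, payload):
    """HMAC stands in for a real signature scheme (assumption)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def entry_valid(entry, payload):
    """Check one signer entry; returns (signature_valid, account_is_new)."""
    account, key, sig = entry
    is_new = account not in LEDGER
    # Assumption: an account not yet on the ledger is checked against the key it presents.
    expected_key = key if is_new else LEDGER[account]
    return hmac.compare_digest(sig, sign(expected_key, payload)), is_new


def check_batch_vulnerable(signers, payload):
    for entry in signers:
        ok, is_new = entry_valid(entry, payload)
        if not ok:
            return False
        if is_new:
            return True  # flaw: early exit, later entries are never verified
    return True


def check_batch_hardened(signers, payload):
    for entry in signers:
        ok, _ = entry_valid(entry, payload)
        if not ok:
            return False  # every entry must verify; success only after the loop
    return True


def demo():
    payload = b"constructed batch payload"
    new_key = b"fresh-key"
    signers = [
        ("new-account", new_key, sign(new_key, payload)),  # valid, not on ledger
        ("victim", b"", b"\x00" * 32),  # carries no valid victim signature
    ]
    return (check_batch_vulnerable(signers, payload),
            check_batch_hardened(signers, payload))
```

A regression test for this class of bug should place the invalid entry after every kind of entry that can succeed, so that any success path returning from inside the loop is caught.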