Ripple, Immunefi Launch $200K Bug Bounty for XRPL Lending Protocol

Ripple and cybersecurity firm Immunefi have launched a USD $200,000 bug bounty program to secure a new institutional lending protocol on the XRP Ledger, underscoring Ripple’s commitment to robust security for decentralized finance aimed at traditional financial players. The initiative, named “Attackathon,” invites white-hat hackers and security researchers to identify vulnerabilities in the protocol before its implementation.

This program is a key step in Ripple’s roadmap for institutional DeFi. The company seeks to proactively mitigate risks as it integrates real-world credit markets into the XRP Ledger.

The new native lending protocol, governed by the XLS-66 standard, is designed for institutions. It will introduce a mechanism for fixed-term, uncollateralized loans directly on the XRP Ledger blockchain. This approach removes the need for traditional smart contracts or wrapped assets.

Creditworthiness for these loans will be assessed off-chain, allowing financial institutions to use their existing underwriting and risk models. Funds are pooled on-chain, and repayments adhere to predefined terms enforced at the protocol level. For entities requiring collateralized loans, the system supports off-ledger structures through authorized custodians or tripartite agreements. This distinguishes the XRPL from more speculative DeFi models focused on volatile yields.

The Attackathon competition will run from October 27 to November 29 this year. Participants will meticulously examine the protocol’s C++ code to detect critical flaws. An educational phase, the “Attackathon Academy,” is being held from October 13 to October 27. This phase provides resources like live tutorials with Ripple engineers and a curriculum focused on XRPL architecture for security researchers.

The scope of the program extends beyond XLS-66 to include related standards such as XLS-65 (Single Asset Vault), XLS-33 (Multi-Purpose Tokens), XLS-70 (Credentials), XLS-77 (Deepfreeze), and XLS-80 (Permissioned Domains). Prioritized vulnerabilities include faulty liquidation logic, interest calculation errors, administrative attacks, vault interaction exploitation, and access control bypasses.

The full USD $200,000 prize pool will be distributed among participants if at least one valid vulnerability is identified. The top performers will receive additional recognition through Immunefi’s All Star and Podium programs. In the event no critical bugs are found, a USD $30,000 backup fund is reserved to reward valuable contributions. This incentive structure aims to foster a strong security community around the XRPL.
