Ripple and Immunefi Launch $200,000 XRPL Attackathon
Ripple and security platform Immunefi have partnered to host a $200,000 “Attackathon.” The event aims to find vulnerabilities in the upcoming XRPL Lending Protocol.
The official announcement invites global security researchers to test the protocol’s code. The goal is to ensure it is secure for institutional use.
Details of the XRPL Lending Protocol and Attackathon
The XRPL Lending Protocol uses the XLS-66 standard. It offers fixed-duration, uncollateralized loans on the XRP Ledger. Unlike most DeFi protocols, it does not use smart contracts or wrapped assets. It also does not hold collateral.
Creditworthiness is checked off-chain using existing risk models. Institutions benefit from on-chain transparency and efficient transactions. XLS-66 defines the loan rules and technical structure to maintain security and compatibility across XRPL.
The Attackathon runs from October 27 to November 29, 2025. An education period from October 13 to October 27 helps researchers prepare. The $200,000 reward pool unlocks if at least one valid vulnerability is found.
If no major issues appear, a $30,000 backup pool will reward valuable contributions. Immunefi’s All Star and Podium programs will allocate rewards to top performers.
- Researchers should focus on risks affecting fund security, vault solvency, liquidation logic, interest accrual, asset freeze, admin records, and permissioned access control.
- Submissions must be bugs in deployed, in-scope codebases with working proofs of concept.
Support and Education for Researchers
Ripple and Immunefi offer the Attackathon Academy to support researchers. It provides live sessions with engineers, guides for using the XRPL devnet, build instructions, and testing resources. The academy remains open after the competition ends.
This Attackathon is part of Ripple’s effort to expand institutional-grade DeFi on the XRP Ledger. Engaging the global security community early aims to make the XRPL Lending Protocol safe for real financial use.
