Ripple has introduced a new challenge aimed at testing the strength of its proposed XRP Ledger (XRPL) lending protocol. The company, in partnership with blockchain security firm Immunefi, has announced an “Attackathon” that offers up to $200,000 to security researchers who detect valid bugs within the system.
The initiative invites white-hat hackers to test the resilience of the upcoming protocol, especially areas related to fund security and vault solvency. The XRPL community views this as one of its most anticipated updates, and it is expected to go to a validator vote later this year.
RippleX Head of Product Jasmine Cooper emphasized the significance of a pre-launch testing phase. She stated,
Cooper added that partnering with Immunefi “allows us to tap into a global network of elite researchers who have secured some of the largest DeFi protocols to date.”
The lending protocol, first introduced at the XRP Ledger Apex summit, will enable fixed-term, uncollateralized loans without smart contracts or wrapped tokens. Credit checks are handled off-chain through institutional underwriting systems, while fund pooling and repayments occur on-chain under strict rules.
The initiative is governed by XLS-66, a new standard that seeks to strengthen the foundation for institutional capital activity on XRPL. It aims to support real-world credit markets while maintaining transparency through on-chain processes and regulated custody options.
According to the blog post, the attackathon begins on October 27, 2025, and runs until November 29, 2025, following a two-week education phase starting October 13. During this time, developers can receive technical guidance from Ripple engineers, study the Devnet guides, and test their approaches in a controlled setup.
The total reward pool stands at $200,000, with a guaranteed minimum payout of $30,000 if no eligible bugs are found. Rewards will be distributed equally among participants, while top performers will earn extra recognition through Immunefi’s “All Star” and “Podium” programs.
The rules specify that only bugs with a working proof of concept in the deployed codebase will be accepted. The competition focuses on core protocol assets such as the XLS-66 lending protocol, XLS-65 single-asset vault, XLS-33 multi-purpose tokens, XLS-70 credentials, XLS-77 deep freeze, and XLS-80 permissioned domains.
Testers should focus on issues in liquidation logic, interest accrual bugs that could unfairly benefit a user, and administrative exploits that let attackers alter protocol records. Other key areas include wallet interactions, access control, and mechanisms related to asset freeze or clawback functions.
Cooper said,
Despite Ripple’s growing institutional focus, XRPL has faced criticism. In August 2025, research firm Kaiko ranked it at the bottom among 15 blockchains in a security comparison.
At the time of writing, Ripple’s native token XRP trades at $2.47, down 5.24% in the past 24 hours. Trading activity dropped by around 16%, bringing the total volume to $8.41 billion.