Ripple and Immunefi Launch $200K Bug Hunt for XRPL Lending Protocol
Ripple has joined forces with Immunefi to host an “Attackathon”, a security-focused bug-hunting event targeting the new XRPL Lending Protocol, which enables fixed-term, uncollateralized loans on the XRP Ledger (XRPL). Researchers have the chance to earn up to $200,000 for discovering valid vulnerabilities.
The Attackathon runs from October 27 to November 29, inviting white-hat hackers and security experts to rigorously examine the protocol before its official launch. Ahead of the main event, Ripple is offering an “Attackathon Academy” from October 13 to October 27, providing tutorials, walkthroughs, and Devnet environments to familiarize participants with XRPL’s architecture.
Critical exploits unlock the full $200,000 reward pool, while $30,000 will be awarded to participants who submit meaningful but non-critical findings.
The XRPL Lending Protocol, governed under XLS-66, takes a unique approach compared to traditional DeFi systems. It does not rely on smart contracts, wrapped assets, or on-chain collateral. Instead, creditworthiness is assessed off-chain, allowing institutions to apply their own risk models while all funds and repayments are recorded on the ledger. Ripple positions this protocol as a bridge between traditional credit markets and on-chain finance, offering transparency while maintaining regulatory safeguards. Institutions requiring collateralized setups can still manage them via licensed custodians or tri-party agreements, with the protocol serving as the execution layer.
Researchers will focus on vulnerabilities that could jeopardize fund security or protocol solvency, including vault logic, liquidation and interest calculations, and permissioned access controls. Bugs must be reproducible with working proof-of-concepts to qualify for rewards.
The Attackathon also evaluates related standards such as XLS-65 (single-asset vaults), XLS-33 (multi-purpose tokens), XLS-70 (credentials), and XLS-80 (permissioned domains), providing a thorough review of the protocol’s security landscape.
