Ripple and security platform Immunefi have partnered together to host a $200,000 “Attackathon,” which will seek out vulnerabilities in the soon-to-launch XRPL Lending Protocol.
According to the official announcement, the initiative invites security researchers from around the world to probe the protocol’s code for vulnerabilities, helping ensure it is secure enough for institutional use.
We’ve partnered with @rippleXDev to launch a $200,000 Attackathon helping secure the proposed XRPL Lending Protocol.
— Immunefi (@immunefi) October 13, 2025
This is a time-boxed, adversarial competition to identify vulnerabilities before the protocol reaches production. pic.twitter.com/792uz2fRNZ
The XRPL Lending Protocol, based on the XLS-66 standard, will deliver fixed-duration, uncollateralized loans to the XRP Ledger. Contrary to most decentralized finance (DeFi) protocols, it doesn’t rely on smart contracts or wrapped assets, and it doesn’t hold collateral.
Instead of checking creditworthiness on-chain, institutions can check it off-chain but use existing risk models, with institutions still reaping the benefits of transparency and efficiency on-chain transactions. XLS-66 defines the rules and technical structure for the loans, ensuring that the system remains secure and compatible across the XRPL ecosystem.
About the Attackathon
The Attackathon itself is structured as time-boxed, with the attackathon competition running from October 27 to November 29, 2025, and an education period from October 13 to October 27 to help researchers get up to speed. The total reward pool is $200,000, which is unlocked if at least one valid vulnerability is found.
If no major problems are uncovered, a $30,000 backup pool will be distributed to those who contribute valuable ideas. Immunefi’s All Star and Podium programs will reserve portions of the pool for top performers.
Researchers should target risks that might compromise fund security, vault solvency, liquidation logic, interest accrual, asset freeze, admin records, and permissioned access control. Submissions must be bugs in deployed, in-scope codebases, and they have to come with working proofs of concept.
Support for researchers
To help researchers prepare for the XRPL Attackathon, Ripple and Immunefi are offering an open-access Education Program called the Attackathon Academy. It provides live sessions with engineers, guides on using the XRPL devnet, step-by-step build instructions, and resources for testing and coordinating research. The academy remains available even after the competition ends.
This Attackathon is a key step in Ripple’s push to expand institutional-grade DeFi on the XRP Ledger. By engaging the worldwide security community at an early stage, the company aims to make the XRPL Lending Protocol secure enough to support actual financial transactions.