The two biggest DeFi exploits of the last two months have one thing in common. They used a tool that does not exist on the XRP Ledger.
Thorchain lost approximately $10.8 million on May 15 due to a cross-chain attack that drained funds from Bitcoin, Ethereum, BSC, and Base. Drift Protocol, a decentralized perpetual exchange based on Solana, and KelpDAO, a liquid staking protocol on Ethereum, together accounted for over $600 million in losses in April alone.
Cross-chain bridges have lost more than $2.8 billion to attacks since 2021, according to Chainalysis. And a significant portion of these exploits used a variation of the same mechanism: flash loans.
A flash loan is a smart contract feature that allows a trader to borrow millions of dollars without collateral, provided the loan is repaid in the same transaction. Legitimate use cases include arbitrage between exchanges, collateral swaps without position unwinding, and liquidation bots that maintain solvency in lending markets.
The attack pattern is the same mechanism pointed in the wrong direction.
A borrower takes out the loan, uses the funds to manipulate an oracle or drain a poorly designed pool, profits from the manipulation, and repays the loan, all before the transaction settles. If one step fails, the entire sequence is aborted, so the attacker risks nothing but gas charges.
The XRP Ledger does not allow this to work. A draft amendment filed on the XRPL standards repository earlier this week, proposing concentrated liquidity and StableSwap-style pools for the chain’s native automated market maker, included a single line in its Security Considerations section: “Flash loan attacks are structurally impossible.”
The reasoning is that XRPL transactions either completely succeed or completely fail, like an Ethereum transaction. But unlike Ethereum, an XRPL transaction cannot call into another contract during its execution. The borrow-manipulate-repay sequence that defines a flash loan attack requires at least three nested operations within a single transaction envelope, and XRPL provides no way to nest them.
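The difference can be seen from the lender's side in a toy model, added here as an illustration and not taken from the XRPL amendment or any protocol's code. The account names, balances and function names are constructed, and the "single-op" executor is a simplification of the article's statement that an XRPL transaction cannot call other code while it executes.

```python
# Toy model, constructed for illustration: balances are plain integers.
class Revert(Exception):
    """Aborts the enclosing transaction."""

def transfer(bal, src, dst, amount):
    if bal[src] < amount:
        raise Revert(f"{src} cannot cover {amount}")
    bal[src] -= amount
    bal[dst] += amount

def run_atomic(bal, tx):
    """All-or-nothing execution: roll every change back if tx reverts."""
    snapshot = dict(bal)
    try:
        tx(bal)
        return True
    except Revert:
        bal.clear()
        bal.update(snapshot)
        return False

def flash_loan(bal, borrower, amount, callback):
    """Contract-style loan: lend, run borrower code, then check repayment."""
    owed = bal["pool"]
    transfer(bal, "pool", borrower, amount)
    callback(bal)                      # nested call inside the same transaction
    if bal["pool"] < owed:
        raise Revert("loan not repaid")

def run_single_op(bal, op):
    """Fixed-function style: one transaction is one transfer, no callback."""
    src, dst, amount = op
    return run_atomic(bal, lambda b: transfer(b, src, dst, amount))

def demo():
    start = {"pool": 1_000_000, "alice": 10}
    # 1. Nested calls: the borrower repays inside the callback, so the loan commits.
    a = dict(start)
    repaid = run_atomic(a, lambda b: flash_loan(
        b, "alice", 1_000_000, lambda b2: transfer(b2, "alice", "pool", 1_000_000)))
    # 2. Nested calls: no repayment, so the whole transaction reverts.
    c = dict(start)
    kept = run_atomic(c, lambda b: flash_loan(b, "alice", 1_000_000, lambda b2: None))
    # 3. Single-op transactions: the transfer settles on its own, and nothing
    #    in the same transaction can make its success conditional on repayment.
    d = dict(start)
    lent = run_single_op(d, ("pool", "alice", 1_000_000))
    return {"repaid": (repaid, a), "reverted": (kept, c), "settled": (lent, d)}
```

In the first two cases the pool can lend without collateral because the repayment check and the rollback share one transaction with the borrower's code. In the third case that guarantee has nowhere to live, which is why an uncollateralized same-transaction loan cannot be offered at all.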
This is a significant architectural choice, and it comes at a cost. Flash loans are not just an attack tool. They have become a structural component of Ethereum DeFi, with Aave, dYdX and other major protocols offering them as a product. Arbitrage traders use flash loans to close price differences between exchanges in a single atomic action.
Liquidation bots use them to keep over-collateralized loan positions solvent. Sophisticated DeFi users use them for collateral trading that would otherwise require capital tied up for hours. XRPL abandons all of this in exchange for completely closing the attack class.
For most of XRPL’s history, the tradeoff didn’t matter because the chain’s DeFi footprint was small. This is changing. Real-world assets tokenized on the XRP Ledger have surpassed $3 billion in total value, including last month’s Ripple-JPMorgan-Mastercard-Ondo Finance pilot that processed a token redemption from the U.S. Treasury in less than five seconds.
The proposed AMM amendment, if passed, would close the capital efficiency gap that keeps XRPL DeFi behind Ethereum, opening the chain to a broader set of trading and yield strategies.
If the AMM amendment passes and XRPL’s DeFi liquidity evolves into something that institutional capital can deploy at scale, the question becomes whether structural resistance to exploits is a true competitive advantage or simply a feature that institutions ignore in favor of where the liquidity already is.
