The two biggest DeFi exploits of the last two months have one thing in common. They used a tool that does not exist in XRP Ledger.
Thorchain lost approximately $10.8 million on May 15 due to a cross-chain attack that drained funds in Bitcoin, Ethereum, BSC, and Base. Drift Protocol, a Solana-based decentralized perpetual exchange, and KelpDAO, a liquid recovery protocol on Ethereum, together accounted for more than $600 million in losses through April alone.
Cross-chain bridges have lost more than $2.8 billion due to attacks since 2021, according to Chainalysis. And a significant portion of these exploits used some variant of the same mechanic: flash loans.
A flash loan is a smart contract feature that allows a trader to borrow millions of dollars without collateral, on the condition that the loan is repaid in the same transaction. Legitimate use cases include cross-exchange arbitrage, collateral exchanges without unwinding positions, and liquidation robots that maintain solvency in lending markets.
The attack pattern is the same mechanic pointed in the wrong direction.
A borrower obtains the loan, uses the funds to manipulate an oracle or drain a poorly designed fund, profits from the manipulation, and repays the loan, all before the transaction is settled. If any step fails, the entire sequence goes backwards, so the attacker risks nothing more than paying for the gas.
The XRP Ledger does not allow this to work. A draft amendment submitted to the
What that means is that XRPL transactions either succeed or fail completely, just like an Ethereum transaction. But unlike Ethereum, an XRPL transaction cannot generate another contract during its execution. The borrow, manipulate, and pay sequence that defines a flash borrow attack requires at least three operations nested within a single transaction envelope.
This is a significant architectural choice and comes at a cost. Flash loans are not just an attack tool. They have become a structural component of Ethereum DeFi, and are offered as a product by Aave, dYdX, and other major protocols. Arbitrage traders use flash loans to offset price differences between exchanges in a single atomic stock.
Liquidation robots use them to keep overcollateralized loan positions solvent. Sophisticated DeFi users use them for collateral exchanges that would otherwise require capital tied up for hours. XRPL gives up all of that in exchange for shutting down the attack class entirely.
For most of XRPL’s history, compensation didn’t matter because the chain’s DeFi footprint was small. That is changing. Real-world tokenized assets on the XRP Ledger have surpassed $3 billion in total value, including the Ripple-JPMorgan-Mastercard-Ondo Finance pilot last month that processed a tokenized U.S. Treasury swap in less than five seconds.
The draft AMM amendment, if passed, would close the capital efficiency gap that has kept XRPL DeFi behind Ethereum, opening the chain to a broader set of trading and performance strategies.
If the AMM amendment passes and XRPL’s DeFi liquidity grows to something that institutional capital can deploy at scale, the question is whether structural resistance to exploitation is a real competitive advantage or simply a feature that institutions ignore in favor of where the liquidity already is.
