XRP Ledger Developers Refute Blockchain research firm Kaiko gave XRP Ledger a rough security score in a recent ranking, but developers are pushing back on the analysis.
brief
XRP Ledger developers are protesting the network’s lowest-ranked security rating in a recent ranking of more than a dozen blockchains by research firm Kaiko, reviving a long-standing debate over the cryptocurrency platform’s decentralization and overall reliability.
The Kaiko Blockchain Ecosystem Ranking released on August 13 gave the XRP Ledger a security score of 41 out of 100, the lowest of the 15 blockchains included in the report. Kaiko’s findings show that Ethereum tops the ranking with a rating of 83 out of 100, while Ethereum layer-2 network Arbitrum and layer-1 network Solana are right behind.
However, RippleX engineering lead Ayo Akinyele claimed that the XRP Ledger’s low score is misleading, citing the network’s strong security record in a statement to Decrypt.
“XRPL has one of the strongest security track records in blockchain—13 years of continuous operation without a single incident impacting the core network,” Akinyele said.
Kaiko researchers acknowledged that the ranking was partly influenced by an incident in April in which the XRP Ledger’s official software development kit was subjected to a supply chain attack and infected with a potential crypto-swiping “backdoor,” as first discovered by security firm Aikido.
The XRP Ledger Foundation replaced the affected software download and said there was no impact to the network codebase. When asked about the incident, a Ripple Labs representative again stressed that it was not a network vulnerability.
The representative said, “Some of the assumptions may have arisen from a lack of understanding about the nature of the incident,” adding that it was “not a vulnerability in XRPL, but rather a supply chain issue in the NPM package (a JavaScript library).”
They added, “Ripple, the XRPL Foundation, validators, and independent developers all communicated openly, from incident reports to public posts.”
In addition to considering that incident, Kaiko researchers determined its security score using publicly available data on operational resilience, validator decentralization, audit frequency, and past incidents.
A Kaiko representative told Decrypt that the XRP Ledger received low marks for security because it showed signs of greater centralization than other major blockchains. XRP Ledger Developers Refute They pointed to the protocol’s relatively low node count and Nakamoto coefficient—two key measurements of decentralization in the crypto world. The discovery of crypto-stealing malware in an official XRP Ledger node package manager for developers in April also led to a drop in its score.
Some Web3 experts have cast doubt on the usefulness of third-party security audits, and pointed to the rise in pay-to-play certifications and the technical limitations of many services. The disagreement over XRP’s security score underscores a long-running debate over the protocol’s reliability.
For years, some Web3 users have raised concerns about its level of decentralization, a trait often considered a proxy for security in the crypto community. According to online data, the network has a relatively low number of validators—it has less than 200 running validator nodes on its mainnet, while Solana has over 1,000 validators.
The DeFi platform also has a relatively low Nakamoto coefficient, a measure of decentralization—named after Bitcoin’s pseudonymous creator Satoshi Nakamoto—that calculates the minimum number of independent entities needed to disrupt or overtake a blockchain.
But according to Akinyele, the XRP Ledger’s security measures go far beyond its decentralization.
“XRPL’s consensus design is inherently resilient to attack.XRP Ledger Developers Refute Validators have no incentive to collude or commit censorship,” Akinyele said.
XRP Ledger uses its unique node lists to secure its network, the executive added. According to that system, each validator keeps a list of network participants that are deemed trustworthy, keeping bad actors at bay.