Summary
- The XRP Ledger received a security score of 41 out of 100—the lowest among 15 significant blockchains—in Kaiko’s Blockchain Ecosystem report published in August.
- A RippleX executive dismissed the poor rating, highlighting XRP Ledger’s robust safety history.
- In April, XRP Ledger’s software development kit experienced a supply chain attack; however, developers claim that the chain’s code was untouched.
Developers of XRP Ledger are challenging the network’s last-place security rating in a recent evaluation of over a dozen blockchains by research firm Kaiko, reigniting a longstanding discussion about the cryptocurrency platform’s decentralization and overall reliability.
The Kaiko Blockchain Ecosystem Ranking, released on August 13, allocated XRP Ledger a security score of 41 out of 100, the lowest within the 15 blockchains studied. Ethereum led the ranking with a score of 83 out of 100, closely followed by Ethereum layer-2 network Arbitrum and layer-1 network Solana, according to Kaiko’s findings.
However, RippleX Engineering Head Ayo Akinyele told Decrypt that XRP Ledger’s low score is misleading, citing the network’s solid safety record.
“XRP Ledger has one of the most robust security records in blockchain—13 years of continuous operation without a single incident affecting the core network,” Akinyele noted.
Kaiko researchers acknowledged that the ranking was partially influenced by an April incident involving a supply chain attack on the official software development kit for XRP Ledger, which was found to be infected with a potential crypto-stealing “backdoor,” first identified by security firm Aikido.
The XRP Ledger Foundation replaced the compromised software downloads, asserting that the network’s codebase was never compromised. A Ripple Labs representative reiterated that the incident did not signify a vulnerability in the network.
“Some misunderstandings may arise from a lack of clarity regarding the nature of the incident,” the representative explained, noting that it was “not a vulnerability in XRP Ledger itself, but a supply chain complication linked to an NPM package (a JavaScript library).”
“Ripple, the XRP Ledger Foundation, validators, and independent developers communicated transparently,” they added, “from incident reports to public statements.”
Beyond the review of that incident, Kaiko researchers also used publicly accessible data on operational resilience, validator decentralization, audit frequency, and historical incidents to develop their security ratings.
XRP Ledger received low marks in security due to indications of greater centralization compared to other leading blockchains, a Kaiko representative said in comments to Decrypt, highlighting the protocol’s comparatively low node count and Nakamoto coefficient—two fundamental measures of decentralization in the crypto realm. Its score also suffered from the identification in April of crypto-stealing malware within an official XRP Ledger npm (Node Package Manager) package intended for developers.
Certain Web3 experts have expressed skepticism regarding the effectiveness of third-party security audits, citing an increase in pay-to-play certifications and the technical limitations of many service providers. The controversy surrounding XRP’s security score highlights a longstanding debate over the reliability of the protocol.
For years, some Web3 participants have voiced concerns over its degree of decentralization—a characteristic often viewed as a proxy for security within the crypto community. The network operates with a relatively low number of validators, having fewer than 200 active validator nodes on the mainnet, while Solana boasts over 1,000 validators, according to available data.
The DeFi platform also has a relatively low Nakamoto coefficient, a metric of decentralization—named after the pseudonymous Bitcoin creator Satoshi Nakamoto—that measures the minimum number of independent entities needed to disrupt or take control of a blockchain.
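The two measures discussed above, validator count and Nakamoto coefficient, can diverge. The following added example (not Kaiko's methodology and not code from the article) computes the coefficient for two constructed networks; the operator names, one-vote weights and the 1/3 and 1/2 control thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from fractions import Fraction


def nakamoto_coefficient(validators, threshold):
    """Smallest number of independent operators whose combined voting
    weight strictly exceeds `threshold` (a fraction of total weight).

    validators: iterable of (operator, weight) pairs; validators run by
    the same operator are merged, since they are not independent.
    """
    threshold = Fraction(threshold)
    if not 0 < threshold < 1:
        raise ValueError("threshold must be strictly between 0 and 1")
    by_operator = defaultdict(int)
    for operator, weight in validators:
        if weight < 0:
            raise ValueError("weights must be non-negative")
        by_operator[operator] += weight
    total = sum(by_operator.values())
    if total <= 0:
        raise ValueError("total weight must be positive")
    running = 0
    # Greedy: taking the largest operators first gives the minimum count.
    for count, weight in enumerate(sorted(by_operator.values(), reverse=True), 1):
        running += weight
        if running > threshold * total:
            return count


# Constructed sample networks (assumed values, not real validator data).
# A: 150 validators, each run by a different operator, one vote each.
NETWORK_A = [(f"op-{i}", 1) for i in range(150)]
# B: 1,000 validators, but four operators run 100 validators each.
NETWORK_B = [(f"big-{i % 4}", 1) for i in range(400)] + [
    (f"solo-{i}", 1) for i in range(600)
]

if __name__ == "__main__":
    for name, net in (("A", NETWORK_A), ("B", NETWORK_B)):
        for t in (Fraction(1, 3), Fraction(1, 2)):
            print(name, len(net), "validators, threshold", t,
                  "->", nakamoto_coefficient(net, t))
```

At the 1/3 threshold, the constructed 1,000-validator network has a lower coefficient than the 150-validator one, because operator concentration rather than raw node count drives the metric.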
However, Akinyele asserts that XRP Ledger’s security measures extend well beyond its decentralization.
“The consensus design of XRP Ledger is inherently resistant to attacks,” Akinyele explained. “Validators lack any incentive to collude or censor.”
XRP Ledger employs unique node lists to safeguard its network, the executive elaborated. In this system, each validator maintains a list of network participants deemed trustworthy, effectively keeping malicious actors at bay.
“If [malicious] actions were ever attempted, the community could swiftly reject the offending validator and adjust the network to prevent it,” he pointed out.
Akinyele also noted several security endorsements that XRP Ledger has received over the past two years, including a “Triple A” Skynet rating from CertiK and audits conducted by Web3 security firms Halborn and FYEO.