In brief

  • XRP Ledger received a security score of 41 out of 100—the lowest among 15 major blockchains—in Kaiko's Blockchain Ecosystem report released in August.
  • A RippleX leader dismissed the low rating, pointing to XRP Ledger's strong safety record.
  • XRP Ledger's software development kit was hit with a supply chain attack in April, but devs say the chain's codebase was unaffected.

XRP Ledger developers are pushing back against the network's last-place security rating in a recent ranking of more than a dozen blockchains by research firm Kaiko, reviving a long-standing debate over the cryptocurrency platform's decentralization and overall trustworthiness.

The Kaiko Blockchain Ecosystem Ranking, released on August 13, assigned XRP Ledger a security score of 41 out of 100, the lowest among the 15 blockchains included in the report. Ethereum topped the ranking with a rating of 83 out of 100, closely trailed by Ethereum layer-2 network Arbitrum and layer-1 network Solana, Kaiko's findings show.

However, XRP Ledger's low score is misleading, RippleX Engineering Head Ayo Akinyele claimed in comments to Decrypt, citing the network's strong safety record.


“XRPL has one of the strongest security track records in blockchain—13 years of continuous operation without a single incident impacting the core network,” Akinyele said.

Kaiko researchers acknowledged that the ranking was influenced in part by an April incident in which the official software development kit for XRP Ledger was hit with a supply chain attack and infected with a potential crypto-swiping "backdoor," as first discovered by security firm Aikido.

The XRP Ledger Foundation replaced the compromised software downloads and said the network codebase itself was never impacted. When asked about the incident, a Ripple Labs representative again stressed that it did not represent a network vulnerability.

"Some of the perceptions may stem from a lack of understanding about the nature of the incident," the representative said, adding that it was "not a vulnerability in XRPL itself, but a supply chain issue in an NPM package (a JavaScript library)."

"Ripple, the XRPL Foundation, validators, and independent developers all communicated openly," they added, "from incident reports to public posts."

Beyond considering that incident, Kaiko researchers also used publicly available data on operational resilience, validator decentralization, audit frequency, and past incidents to come up with their security scores.

XRP Ledger received low marks on security because it showed signs of more centralization than other leading blockchains, a Kaiko representative told Decrypt, pointing to the protocol's relatively low node count and Nakamoto coefficient—two key measures of decentralization in the crypto world. Its score also suffered due to the discovery in April of crypto-stealing malware in an official XRP Ledger npm package for developers.

Some Web3 experts have cast doubt on the usefulness of third-party security audits, pointing to a rise in pay-to-play certifications and the technical limitations of many services. The disagreement over XRP's security score underscores a long-running debate over the trustworthiness of the protocol.

For years, some Web3 users have raised concerns over its level of decentralization, a quality that is often regarded as a proxy for security in the crypto community. The network has a relatively low number of validators—it has fewer than 200 running validator nodes on mainnet, while Solana boasts more than 1,000 validators, according to online data.

The DeFi platform also has a relatively low Nakamoto coefficient, a measure of decentralization—named after pseudonymous Bitcoin creator Satoshi Nakamoto—that counts the minimum number of independent entities required to disrupt or overtake a blockchain.

But XRP Ledger's security measures go far beyond its decentralization, according to Akinyele.

“XRPL’s consensus design is inherently resilient against attack,” Akinyele said. “Validators have no incentive to collude or censor.”

XRP Ledger uses its unique node lists to secure its network, the executive added. According to that system, each validator keeps a list of network participants that are deemed trustworthy, keeping bad actors at bay.

“If [malicious] behavior were ever attempted, the community could immediately reject the offending validator and adapt the network to prevent it,” he added.

Akinyele also highlighted several security endorsements received by XRP Ledger over the past two years, including a "Triple A" Skynet score from CertiK and audits from Web3 security firms Halborn and FYEO.
