XRPL Foundation Patches Critical Signature Validation Flaw – Amendment Blocked Before Mainnet Activation

Key Takeaways

Critical Flaw Identified in Signature Validation Logic

The XRPL Foundation has confirmed that it addressed a critical vulnerability in the XRP Ledger before the affected code reached mainnet. According to the foundation, the issue was found in the signature validation logic of a yet to be enabled amendment.

The vulnerability was identified on February 19 by Pranamya Keshkamat, a security engineer at cybersecurity firm Cantina, together with Cantina’s autonomous AI security tool. The flaw was described as a critical logic error within the signature validation code batch.

If activated, the amendment could have enabled an attacker to execute transactions from victim accounts without possessing their private keys. This would have included the ability to drain funds and modify ledger state. The XRPL Foundation stated that the amendment was still in its voting phase at the time of discovery and had not been activated on mainnet. As a result, no funds were at risk.

Potential Impact on Funds and Ecosystem Stability

The XRPL Foundation said the vulnerability could have had significant consequences if exploited at scale. In addition to potential theft of funds, the flaw might have allowed attackers to alter the ledger state in unauthorized ways.

The foundation also warned that a successful large scale exploit could have destabilized the broader XRP Ledger ecosystem. It noted that such an event could have led to substantial loss of confidence in XRPL and significant disruption.

Hari Mulackal, CEO of Cantina and Spearbit, stated that the autonomous bug hunting system known as Apex discovered the issue. He said that, had the flaw been exploited, it could have represented the largest security hack by dollar value in the world, with nearly 80 billion dollars at direct risk. The report indicated this figure possibly referred to XRP’s market capitalization.

Emergency Measures and Validator Response

Following the disclosure, the XRPL Foundation and Ripple engineering teams validated the report and began patching the code. The vulnerability was identified through static analysis of the rippled codebase conducted by the AI security tool.

After confirming the issue, validators were advised to vote against the amendment to prevent it from being activated. In addition, an emergency release, rippled version 3.1.1, was published on February 23. This release was designed to block the amendment from going live.

The coordinated response ensured that the vulnerable code was not deployed to mainnet. According to the XRPL Foundation, the amendment remained unactivated, and no user funds were exposed during the process.

AI Tools Increasingly Used in Code Security Reviews

The discovery highlights the growing role of artificial intelligence in cybersecurity. Cantina’s autonomous AI system identified the vulnerability through automated code analysis and generated a disclosure report that enabled engineers to act before deployment.

AI driven vulnerability scanners are being used more frequently to identify potential flaws that may be overlooked during manual reviews. The report noted that Anthropic released Claude Code Security, an AI cybersecurity vulnerability scanner, on February 20. The company claims the system can reason like a skilled security researcher.

The use of AI based tools in this case allowed the vulnerability to be detected during the amendment’s voting phase, before activation on mainnet. This timing was central to preventing any direct financial impact.

Why This Matters for XRP Ledger Users

For users of the XRP Ledger, including those who hold XRP or rely on the network for transactions, the incident underscores the importance of amendment review processes and validator oversight.

The fact that the amendment had not yet been activated meant that the existing mainnet infrastructure was not exposed to the flawed code. The combination of AI based detection, coordinated disclosure, and validator action prevented the vulnerability from affecting live transactions.

In blockchain systems where amendments are subject to voting before activation, the review phase acts as a safeguard. In this instance, that mechanism provided time for identification, disclosure, and remediation.

Our Assessment

The XRPL Foundation confirmed that a critical signature validation flaw was discovered and patched before the affected amendment reached mainnet. The vulnerability, identified by a Cantina security engineer and an autonomous AI tool, could have enabled unauthorized transactions without private keys. Validators were instructed to reject the amendment, and an emergency software update was released to block activation. According to the foundation, no funds were at risk and the ledger remained secure throughout the process.

Cambodia Gambling Revenue Rises 14% in 2025 – Licensed Sector Expands Despite Enforcement Crackdowns and Border Disruptions

Key Takeaways

Revenue Growth Recorded by the Cambodian Commercial Gaming Commission

Cambodia’s regulated gambling sector generated 290.7 billion riels in mandatory revenue in 2025, equivalent to approximately $72 million. According to data released by the Cambodian Commercial Gaming Commission, this represents a 14% increase compared with 2024.

In absolute terms, the year on year rise amounted to around 35.8 billion riels, or roughly $8.9 million. The figures reflect revenue collected from licensed operators under Cambodia’s commercial gambling framework.

By the end of 2025, the country counted 195 licensed casinos. Of these, 160 were located in Preah Sihanouk province, which remains the central hub of Cambodia’s casino industry. The concentration of licences in one province highlights the geographic focus of land based gambling operations within the country.

Licence Suspensions and Revocations During 2025

While revenue increased, regulators also stepped up enforcement. In February 2025, authorities announced the suspension and revocation of five casino licences. The regulator stated that violations of the Law on Commercial Gambling Management could result in financial penalties or permanent closure.

Throughout the year, several casinos in Sihanoukville and in Svay Rieng province faced suspension or revocation following police investigations. These actions formed part of a broader effort to address alleged regulatory breaches and criminal activity linked to gambling properties.

The Cambodian authorities made clear that compliance with the legal framework is a condition for continued operation. The combination of higher revenue collection and targeted licence actions indicates closer monitoring of licensed entities.

Crackdowns on Cybercrime and Illegal Online Betting

Enforcement in 2025 extended beyond licence reviews. Authorities conducted raids aimed at dismantling cyber scam operations, illegal online betting networks, and suspected money laundering activities connected to casino premises.

One large scale operation resulted in dozens of arrests. Law enforcement officials seized computers and mobile devices that were allegedly used in cyber fraud networks. The Cambodian Commission for Combating Cybercrime coordinated these actions with provincial courts and the national police.

Joint operations focused in particular on border regions. In certain locations, telecommunications restrictions were reportedly introduced to disrupt suspected fraud networks. These measures reflect an effort to address cross border elements of online crime linked to gambling infrastructure.

International scrutiny also intensified. The United States and the United Kingdom imposed sanctions on Cambodian operators and individuals accused of involvement in cross border scams and money laundering. These measures added an external dimension to domestic enforcement efforts.

Border Tensions With Thailand Affect Casino Hubs

The gambling sector also faced geopolitical pressure in 2025. Armed clashes occurred near Poipet, a key casino hub that relies heavily on visitors from Thailand. Checkpoint closures and tighter security measures disrupted cross border travel.

Thai authorities issued an arrest warrant for a Cambodian casino figure over alleged links to cross border scams. The combination of security incidents and legal action added uncertainty to operations in border dependent casino areas.

For land based casinos that depend on cross border traffic, travel disruptions can directly affect visitor flows. Despite these tensions, official revenue figures show that the licensed sector as a whole recorded growth during the year.

Revenue Increase Linked to Compliance and Collection Measures

Although revenue rose by 14%, analysts cited in the source material attribute the increase primarily to stricter compliance among remaining operators and improved revenue collection mechanisms. The data does not indicate that the growth resulted from a surge in gambling demand.

This distinction is relevant for understanding the structure of the market. With multiple licences suspended or revoked and enforcement activity intensifying, the overall number of compliant operators may have narrowed even as reported revenue increased.

Improved oversight and more effective collection processes can raise recorded revenue without necessarily expanding the underlying customer base. In this context, the 2025 figures reflect both regulatory tightening and continued operation of licensed casinos.

Our Assessment

The 2025 data show that Cambodia’s regulated gambling sector generated higher mandatory revenue despite intensified enforcement, licence suspensions, cybercrime crackdowns, and border tensions with Thailand. The industry ended the year with 195 licensed casinos, heavily concentrated in Preah Sihanouk province.

Authorities combined revenue collection with expanded oversight, including raids, telecommunications restrictions in targeted areas, and cooperation with courts and police. International sanctions and cross border legal disputes added further pressure. According to the available information, the revenue increase is linked to stricter compliance and improved collection mechanisms rather than rising gambling demand. For observers of regional gambling markets, the figures indicate a shift toward tighter regulation alongside continued operation of the licensed sector.

Wynn Resorts Faces Proposed Class Action Over Alleged ShinyHunters Data Exposure – Legal and Cybersecurity Risks Intensify for Casino Operators

Key Takeaways

Class Action Targets Alleged Data Exposure at Wynn Resorts

Wynn Resorts is confronting a proposed class action lawsuit following allegations that customer information was exposed during a cyber incident linked to the hacking group known as ShinyHunters. The legal action centers on claims that personally identifiable information was accessed due to weaknesses in the company’s cybersecurity measures.

According to court filings referenced in the complaint, the plaintiffs argue that the safeguards designed to protect sensitive customer data were not strong enough to prevent intrusion. They allege that gaps in security controls enabled outside actors to gain access to internal records. The lawsuit states that individuals affected by the incident may now face increased risks of identity theft and fraud.

Wynn Resorts has not conceded wrongdoing. The scope of the alleged exposure is still under review, and the case is at a preliminary stage.

Type of Data Reportedly Involved

The information believed to have been accessed includes customer names, email addresses, contact data, and certain account related details. While the full extent of the exposure has not been publicly detailed, the complaint emphasizes that even partial access to such records can create risks for affected individuals.

Casino and resort operators typically manage large volumes of customer information. Their systems often include loyalty program databases, hotel reservation platforms, online wagering accounts, and payment processing channels. In such environments, personally identifiable information is closely integrated with hospitality and gaming operations. As a result, any alleged intrusion into these interconnected systems can trigger regulatory disclosures, forensic investigations, and civil litigation.

In the current case, plaintiffs also question the company’s notification practices. The complaint describes the disclosure process as delayed or insufficient, although specific timelines have not been outlined in the available information.

ShinyHunters and Targeting of Large Consumer Databases

ShinyHunters has been associated with data breaches affecting companies in retail, technology, and entertainment sectors. The group has been linked to incidents involving organizations that maintain extensive consumer databases.

Such databases can be attractive targets because stolen information may later be sold or used in extortion schemes. Companies that collect large volumes of identity and contact data are therefore exposed to both operational and reputational risks when cybersecurity incidents occur.

The alleged connection to ShinyHunters places Wynn Resorts within a broader pattern of cyber activity targeting data rich enterprises. However, the current proceedings focus specifically on whether Wynn Resorts implemented adequate safeguards and responded appropriately once the incident became known.

Digital Transformation Expands Cyber Risk in Gaming and Hospitality

Casino and integrated resort operators rely on complex digital infrastructures. These systems support hotel bookings, gaming activity, customer loyalty programs, and financial transactions. The integration of these services allows for operational efficiency and customer personalization, but it also increases the number of potential entry points for cyber threats.

Large scale data collection has become central to modern gaming and hospitality operations. Resorts process high volumes of transactions while storing detailed identity and behavioral data. This combination makes cybersecurity a core component of operational resilience.

Recent incidents involving major operators in the sector have led to service interruptions, compliance reviews, remediation costs, and legal claims. In this context, lawsuits tied to alleged data protection failures reflect growing legal and regulatory pressure. Consumers and regulators increasingly expect timely disclosure and robust data protection frameworks when incidents occur.

Legal Claims Focus on Security Controls and Disclosure Practices

The complaint against Wynn Resorts outlines several core allegations. These include claims of inadequate cybersecurity controls, exposure of sensitive information, and notification practices that plaintiffs describe as insufficient.

Class action proceedings of this nature typically seek to represent a broader group of individuals who may have been affected by the same incident. At this stage, the lawsuit remains proposed, meaning that court approval is required before it can proceed as a certified class action.

The outcome will depend on the court’s assessment of the evidence presented, including the adequacy of the company’s security measures and the timeliness and clarity of its communications with customers.

Our Assessment

The proposed class action against Wynn Resorts highlights the legal and operational consequences that can follow alleged cybersecurity incidents in the casino and hospitality sector. The case centers on claims that customer data including names, email addresses, and account related details was accessed due to insufficient safeguards. Wynn Resorts has not admitted wrongdoing, and the proceedings are ongoing. The development underscores the central role of cybersecurity controls and disclosure practices for operators managing large volumes of customer information.

Binance Reports 97% Drop in Sanctions Exposure Since 2024 – Exchange Responds to Allegations With Compliance Data

Key Takeaways

Binance Publishes Compliance Update After Media Allegations

Binance has stated that it has significantly reduced its exposure to sanctioned entities and high risk jurisdictions since the beginning of 2024. In a blog post titled “Setting the record straight,” published on February 23, the crypto exchange said that sanctions-related exposure as a percentage of total exchange volume has fallen by roughly 97 percent since January 2024.

According to the company, this figure now stands at approximately 0.009 percent of overall trading volume. Binance said that exchange volume connected to sanctions-related entities has declined over the same period.

The statement was released after a February 13 report by Fortune, which cited anonymous sources and alleged that Binance had dismissed at least five investigators. These individuals were reportedly said to have uncovered evidence of potential Iranian sanctions violations. Binance rejected those claims on February 15, calling the report “categorically false.” The company stated that no investigator was dismissed for raising compliance concerns or for reporting potential sanctions issues.

In its latest post, Binance said that some compliance employees did leave the company following an internal review. According to the exchange, that review identified breaches of company data protection and confidentiality guidelines.

Reduction in Exposure to Iranian Exchanges

Binance provided specific figures related to its exposure to Iranian trading platforms. The company said that between January 2024 and January 2026, it reduced direct exposure to four top Iranian exchanges by more than 97 percent. In monetary terms, this exposure declined from 4.19 million dollars to 110,000 dollars over the two year period.

The exchange did not name the four Iranian platforms in the statement but characterized them as the leading exchanges in the country. Binance framed the reduction as part of broader efforts to limit interaction with sanctioned entities and jurisdictions.

In the same post, Binance argued that recent reporting on its sanctions compliance relied on incomplete and mischaracterized accounts. The company said such reporting did not reflect all of the facts or the full investigative record.

Sanctions compliance has been a recurring issue for crypto exchanges operating globally, particularly when dealing with jurisdictions subject to international restrictions. In 2022, Binance faced scrutiny after a Reuters report alleged that Iranian users continued to trade on the platform even after the country had been blacklisted. The latest statement positions the company as having tightened its controls since then.

Compliance Investment and Workforce Allocation

Beyond the numerical data on sanctions exposure, Binance used the blog post to emphasize its compliance structure. The company stated that approximately 25 percent of its global headcount is dedicated to compliance related functions.

Binance also said it has invested hundreds of millions of US dollars in its compliance programs. While the post did not break down specific spending categories, the reference to substantial financial resources indicates that the company is highlighting internal controls, monitoring systems, and regulatory engagement as core operational priorities.

For users of crypto trading platforms, including those who rely on digital assets for betting or gaming transactions, compliance measures can affect account access, withdrawal processes, and jurisdictional availability. Exchanges that tighten sanctions controls may implement stricter verification procedures or restrict services in certain regions. Binance did not announce new user facing restrictions in the post, but the data suggests ongoing monitoring and adjustments to exposure levels.

Ongoing Scrutiny of Sanctions Compliance in Crypto Markets

The broader crypto industry continues to face scrutiny over sanctions enforcement, particularly in relation to countries such as Iran and Russia. In the same news cycle, separate reporting highlighted concerns about crypto exchange networks allegedly helping Russia skirt sanctions, according to blockchain analytics firm Elliptic.

Although Binance’s latest statement focused on its own internal metrics, the timing reflects a wider regulatory environment in which authorities and media outlets closely examine transaction flows linked to sanctioned jurisdictions.

By publishing detailed percentage reductions and specific dollar amounts, Binance appears to be responding directly to questions about how it monitors and limits exposure to restricted entities. The company maintains that the allegations cited in the Fortune report are inaccurate and that internal departures were linked to confidentiality breaches rather than retaliation for raising compliance concerns.

Our Assessment

Based on the information provided by Binance, the exchange reports a 97 percent reduction in sanctions-related exposure since January 2024, with current exposure representing approximately 0.009 percent of total trading volume. It also states that direct exposure to four major Iranian exchanges declined from 4.19 million dollars to 110,000 dollars over two years. The company denies allegations of dismissing investigators over sanctions concerns and highlights that one quarter of its workforce is dedicated to compliance. These disclosures indicate that sanctions compliance remains a central operational and reputational issue for the exchange as it responds to external scrutiny.

Franklin Templeton and SWIFT Outline 24-7 On-Chain Banking Vision – Tokenized Funds and Deposits Move Toward Early Infrastructure

Key Takeaways

Asset Managers Push Money Market Funds On-Chain

Franklin Templeton is advancing the tokenization of money market funds, positioning them as a core use case for blockchain-based financial infrastructure. Speaking at Consensus Hong Kong 2026, Chetan Karkhanis of Franklin Templeton said the objective is to take traditional financial instruments and make them cheaper and more efficient by issuing them natively on-chain.

The firm is focusing on money market funds, a global asset class valued at roughly $10 trillion and composed primarily of short-term Treasuries and repurchase agreements. By placing fund shares directly on blockchain networks, Franklin Templeton enables access through self-custody wallets or exchanges. This structure is designed to provide 24-7 liquidity, removing traditional cut-off times associated with fund subscriptions and redemptions.

In addition to continuous access, the firm aims to reduce operational expenses. Shareholder servicing fees in traditional structures can range from five to 15 basis points. Tokenized issuance, according to the company, can lower these costs by streamlining record-keeping and transaction processing.

For users of crypto platforms, tokenized money market funds represent a regulated yield-bearing instrument that can exist alongside stablecoins and other digital assets within blockchain ecosystems. The model allows investors to hold fund shares in digital wallets rather than through conventional brokerage accounts.

SWIFT Develops Infrastructure for Tokenized Deposits and CBDCs

On the banking side, SWIFT is working on integrating tokenized deposits and central bank digital currencies into existing global payment systems. Devendra Verma, representing SWIFT’s digital assets unit, described tokenized deposits as digital representations of fiat balances already held on bank balance sheets.

Rather than replacing existing liabilities, tokenized deposits mirror traditional fiat holdings in a new digital format. This approach allows banks to modernize payment processes without altering their balance sheet structure.

SWIFT connects more than 11,500 financial institutions worldwide. The organization reports that 75 percent of its payments already reach beneficiaries within 10 minutes. Its current initiative aims to eliminate cut-off times and holiday delays by creating continuous availability, moving toward a 24-7 operating model.

To achieve this, SWIFT is building a blockchain-based orchestration layer. This infrastructure is designed to interoperate with central bank digital currencies, tokenized bank deposits and other regulated digital assets. The goal is to ensure that new digital forms of value can move across the same global rails used for conventional cross-border payments.

For market participants, including crypto users and operators that rely on banking partners, such interoperability could influence how fiat on-ramps, settlement times and liquidity management evolve in the coming years.

Tokenized Assets Remain Small Compared With Global Markets

Despite growing institutional involvement, on-chain financial assets remain modest in scale compared with global capital markets. According to figures cited during the panel, roughly $300 billion in stablecoins and about $40 billion in tokenized treasuries and other real-world assets are currently issued on blockchain networks.

Karkhanis characterized these amounts as small relative to more than $200 trillion in global wealth. The comparison underscores that tokenized finance, while expanding, still represents a limited share of overall financial assets.

For comparison platform users tracking crypto liquidity and collateral trends, these figures provide context on the depth of tokenized markets. Stablecoins continue to dominate on-chain representations of fiat value, while tokenized government securities and similar instruments form a smaller but developing segment.

Regulatory and Security Barriers Slow Institutional Scaling

Executives from Franklin Templeton, SWIFT and Ledger identified regulatory clarity and secure key management as primary constraints on wider adoption.

Verma emphasized the need for consistent standards covering accounting treatment, compliance requirements and balance sheet recognition. Without harmonized regulatory frameworks, large-scale institutional deployment remains limited.

Security and governance were also highlighted as critical issues. Jean-Francois Rochet of Ledger pointed to the challenges of managing private keys and implementing institutional controls. For traditional financial institutions, secure custody of cryptographic keys requires both technical infrastructure and organizational adaptation.

These factors influence how quickly banks and asset managers can transition from pilot programs to production-level systems. While tokenization is moving beyond experimental stages, the speakers described the current phase as early-stage infrastructure development rather than full-scale transformation.

Hybrid Financial Models Expected to Coexist

Although blockchain technology is often associated with disintermediation, the panel suggested that traditional intermediaries will continue to play a role. Karkhanis stated that decentralized access and conventional financial intermediaries can coexist within the same system.

Rochet added that while some intermediaries may become less central, those that remain will need to justify their function within a redesigned financial architecture. This reflects an emerging model in which regulated institutions, blockchain networks and digital asset service providers operate in parallel.

For users of crypto betting and online platforms, such hybrid structures may shape how fiat and digital assets interact. Tokenized deposits and on-chain funds could eventually influence settlement cycles, treasury management and cross-border transfers used by licensed operators and their banking partners.

Our Assessment

Statements from Franklin Templeton and SWIFT indicate that tokenized money market funds and digital bank deposits are moving from pilot projects toward early infrastructure deployment. The initiatives focus on continuous availability, cost reduction and interoperability with existing payment systems. At the same time, regulatory consistency, accounting standards and institutional-grade key management remain necessary conditions for broader adoption. Current on-chain asset volumes, including stablecoins and tokenized treasuries, remain small compared with global financial markets, highlighting that tokenization is expanding but not yet systemic in scale.