RAD Threat Intelligence Dossier — Military-Depth Expansion
This edition expands critical sections into full military-grade intelligence analysis. These are the deepest and most accurate breakdowns of hostile XRPL behavior available anywhere.
Transaction Manipulation — Military Depth
Overview
Transaction manipulation is the most common attack vector on XRPL. It is low-cost, low-risk, ledger-native, and requires no special access.
🔺 Threat Type: Partial Payment Exploit
Attackers weaponize the PartialPayment flag to spoof massive instructed amounts…
Attacker Workflow:
- Chooses target with weak validation
- Sends payment with tfPartialPayment
- Sets instructed amount extremely high
- Delivers dust
- If system trusts instructed amount → compromised
Red Alert: Any project using the “Amount” field in a partial payment is compromised.
Defense Code
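TF_PARTIAL_PAYMENT = 0x00020000  # tfPartialPayment

# Credit only what the ledger reports as delivered, never tx["Amount"].
if tx.get("Flags", 0) & TF_PARTIAL_PAYMENT:  # default 0 when Flags is absent
    delivered = meta.get("delivered_amount")
    if delivered is None or delivered == "0":
        reject()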
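A fuller form of the same check, as an added example that is not RAD's own code: it decides what to credit from the ledger's delivered_amount alone and also applies the currency whitelist mentioned under Fake Pathfinding. It assumes tx and meta are dicts shaped like the JSON returned by the rippled tx method; the function name, the accepted_assets whitelist and the placeholder addresses are hypothetical, and the sample transaction is constructed.

```python
from decimal import Decimal

TF_PARTIAL_PAYMENT = 0x00020000  # tfPartialPayment flag on a Payment

def credited_amount(tx, meta, our_address, accepted_assets):
    """Return (asset, Decimal amount) to credit, or None to reject.

    asset is "XRP" or a (currency, issuer) tuple. accepted_assets is the
    deployment's whitelist of such keys (an assumption of this example).
    """
    if tx.get("TransactionType") != "Payment":
        return None
    if tx.get("Destination") != our_address:
        return None
    if meta.get("TransactionResult") != "tesSUCCESS":
        return None
    # Trust only the ledger's delivered_amount, never tx["Amount"].
    delivered = meta.get("delivered_amount")
    if delivered is None or delivered == "unavailable":
        return None
    if isinstance(delivered, str):        # XRP, expressed in drops
        asset, value = "XRP", Decimal(delivered) / Decimal(1_000_000)
    elif isinstance(delivered, dict):     # issued currency (IOU)
        asset = (delivered.get("currency"), delivered.get("issuer"))
        value = Decimal(delivered.get("value", "0"))
    else:
        return None
    if asset not in accepted_assets or value <= 0:
        return None
    return asset, value

# Constructed sample: instructed amount is 1,000,000 XRP, delivered is 1 drop.
US = "rDESTINATION_PLACEHOLDER"
spoof_tx = {"TransactionType": "Payment", "Destination": US,
            "Flags": TF_PARTIAL_PAYMENT, "Amount": "1000000000000"}
spoof_meta = {"TransactionResult": "tesSUCCESS", "delivered_amount": "1"}

if __name__ == "__main__":
    # Credits one drop (0.000001 XRP), not the instructed million.
    print(credited_amount(spoof_tx, spoof_meta, US, {"XRP"}))
```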
🔺 Threat Type: Fake Pathfinding
Attackers exploit XRPL’s flexible pathfinding to force unwanted IOU routes…
Protocol Note: Whitelist accepted path currencies.
🔺 Threat Type: Dust Probing
Dust probes are micro-transactions used to fingerprint your validation logic…
- Repeated tiny payments
- Tag cycling
- Interval escalation
- New wallet after rejection
Critical: Dust probes almost always precede a real attack.
Wallet Identity Threats — Military Depth
Wallet identity is behavioral, not numerical.
Behavioral Clustering
- Time-of-day patterns
- Dust probe frequency
- Pathing preferences
- Retry behavior
🔺 Threat Type: Burner Rotation Attack
Attackers rotate burner wallets to hide coordinated probing campaigns…
Warning: If a wallet vanishes after failure, it's an attacker.
AMM Exploit Threats — Military Depth
AMMs are high-value targets.
🔺 Threat Type: Initialization Sniping
Attackers snipe your initial pool before you see the first UI update…
- Monitor new liquidity
- Detect imbalance
- Execute swap instantly
Solution: Correct ratios + minimum liquidity thresholds.
🔺 Threat Type: Dust Ratio Testing
Attackers send tiny swaps to identify pricing curve weaknesses.
OTC Threat Playbook — Military Depth
🔺 Threat Type: Fake TXID Injection
Attackers send TXIDs belonging to unrelated transactions…
🔺 Threat Type: Tag Switch Attack
“Oops wrong tag, resend.”
OTC Rule: No refunds. No reversals. No exceptions.
Social Engineering Threats — Military Depth
🔺 Threat Type: Admin Impersonation
Scammers clone your identity and DM your holders…
Defense: RAD runs a zero-DM policy.
RAD Defense Matrix (Military Mapping)
- Partial Payments → delivered_amount enforcement
- Sniping → slippage enforcement
- Fake TXIDs → ledger verification
- Burner wallets → behavioral clustering
- Dust probes → threat escalation
RAD Ledger — The Protocol That Sees Everything.