1 hour ago
3
Ripple CTO Emeritus David “JoelKatz” Schwartz pushed back against claims that the XRP Ledger (XRPL) is effectively centralized, after founder and CIO of Cyber Capital Justin Bons argued that XRPL’s Unique Node List (UNL) structure makes validators “permissioned” and gives Ripple-aligned entities “absolute power & control over the chain.”
The exchange, sparked by Bons’ broader thread calling for the industry to “reject all centralized ‘blockchains’,” quickly narrowed into a technical dispute over what XRPL validators can and cannot do in practice and what “control” means in a system that relies on curated validator lists rather than Proof-of-Work or Proof-of-Stake.
The XRP Ledger Centralization Allegation
In his thread, Bons lumped Ripple alongside Canton, Stellar, Hedera, and Algorand as networks with permissioned or semi-permissioned elements. His XRPL-specific charge was straightforward: because XRPL nodes typically rely on a published UNL, “any divergence from this centrally published list would cause a fork,” which in his view concentrates power in the hands of whoever publishes that list.
Bons framed it as a binary question: “either fully permissionless or it is not” and argued that even partial permissioning is a deal breaker. He also extended the critique into a broader institutional-adoption thesis: banks and incumbents may prefer controlled environments, but “those institutions will be left behind,” while “crypto natives” win by building and using fully permissionless systems.
Schwartz’s opening rebuttal attacked the logic of Bons’ “absolute power” framing. “‘…effectively giving the Ripple Foundation & company absolute power & control over the chain…’” Schwartz wrote, calling it “as objectively nonsensical as claiming someone with a majority of mining power can create a billion bitcoins.”
Bons responded that he wasn’t alleging supply manipulation or fund theft, but insisted majority influence can still matter. “They can not steal funds, either, but they could potentially double-spend & censor,” Bons said. “Which, again, is exactly the same if someone controlled the majority of mining power in BTC.” He then suggested they debate live on a podcast.
Schwartz rejected the equivalence on mechanics, emphasizing that XRPL nodes do not accept censorship or double-spend behavior simply because a validator says so. “That’s not true. XRPL and BTC don’t work the same,” Schwartz wrote. “You count the number of validators that agree with your node and your node will not agree to double spend or censor unless you, for some reason, want it to.”
He continued the point across multiple posts, leaning on a simple intuition: a dishonest validator is not an oracle; it’s just one vote. “If a validator tried to double spend or censor, an honest node would just count it as one validator that it did not agree with.”
What Schwartz Says The Real Attack Looks Like
Schwartz acknowledged there is still a failure mode, but described it as a liveness problem rather than a theft or double-spend scenario. “Validators could conspire to halt the chain from the point of view of honest nodes,” he said. “But that’s the XRPL equivalent of a dishonest majority attack except they never get to double spend. The cure is to pick a new UNL just as with BTC you’d need to pick a new mining algorithm.”
He also argued the empirical record matters, contrasting XRPL with other major networks. “The practical evidence tells this story,” Schwartz wrote. “Transactions are discriminated against all the time in BTC. Transactions are maliciously re-ordered or censored all the time on ETH. Nothing like this has ever happened to an XRPL transaction and it’s hard to imagine how it could.”
Schwartz later laid out a more detailed explanation of XRPL’s consensus model, emphasizing fast “live consensus” rounds—“every five seconds”—where validators vote on whether a transaction is included now or deferred to the next round. In that framing, the system’s key requirement is not blind trust in validators, but agreement on whether a transaction was seen before a cutoff.
He argued XRPL needs a UNL for two reasons: to prevent an attacker from spawning unlimited validators that force excessive work, and to prevent validators from simply not participating in a way that makes consensus impossible to measure. “That’s it. There’s no control or governance here other than coordinating activation of new features,” Schwartz wrote, adding that validators cannot force a node to enforce rules it does not have code for.
Schwartz closed with a longer, unusually candid rationale: that XRPL’s architecture was intentionally built to reduce Ripple’s ability to comply with demands to censor, even if Ripple itself wanted to be trusted.
“We carefully and intentionally designed XRPL so that we could not control it,” he wrote. “Ripple, for example, has to honor US court orders. It cannot say no… We absolutely and clearly decided that we DID NOT WANT control and that it would be to our own benefit to not have that control.”
He added a blunt incentive argument: even if Ripple could censor or double-spend, using that power would destroy trust in XRPL and therefore destroy the network’s utility. “And the best way to be able to say ‘no’ is to have to say ‘no’ because you cannot do the thing asked,” Schwartz wrote.
At press time, XRP traded at $1.3766.
English (US) ·