Ripple former CTO David Schwartz has addressed concerns that the XRP Ledger may expose users to sandwich attacks, saying the risk is real but overstated.
What A Sandwich Attack Actually MeansA sandwich attack usually happens when a trader’s transaction is spotted before confirmation. An attacker places one transaction before it and another after it, profiting from the price movement created by the victim’s trade.
In plain English, the user gets squeezed. They may still complete the trade, but at a worse price than expected.
This is why the debate matters beyond XRP. It is about whether decentralized trading systems can protect users while still remaining open and permissionless. Every chain and DEX design makes trade-offs. Some prioritize speed. Some prioritize transparency. Some prioritize low fees. But when transactions are visible and markets are liquid enough, sophisticated actors will look for an edge.
Schwartz’s point that the risk is overstated suggests he does not see the issue as an existential flaw for XRPL. Still, acknowledging that the risk exists is important because it keeps the conversation grounded.
Why This Matters For XRPFor XRP, this is less about immediate price and more about network credibility.
If XRPL wants to support serious trading and settlement activity, users need confidence that execution is not easily gamed. That does not mean the network has to eliminate every possible attack vector. No public blockchain can promise that. But it does mean risks should be understood, mitigated, and explained clearly.
The fact that Schwartz is engaging with the issue is useful. Crypto networks often lose trust when developers dismiss user concerns too quickly. A better approach is to separate real risks from exaggerated claims and then discuss practical fixes.
For XRP holders, the takeaway is measured. The sandwich attack debate is not proof that XRPL is unsafe. It is a reminder that as on-chain markets mature, the quality of execution and protection against predatory trading will become part of the adoption story.
In other words, this is not just a technical argument. It is a user-trust issue.
—

















