XRPL Security Edge, Gravity Halt, SoFi Stablecoin

Welcome to our Crypto news in 10, a daily podcast bringing you the latest news about crypto in under 10 minutes.

Here’s your quick tour for Sunday, May 31.

We’ve got a fresh technical twist from the XRP Ledger — a proposal that leans on XRPL’s architecture to shut the door on flash‑loan exploits... a weekend security incident on Cosmos’s Gravity Bridge that forced a halt while teams respond... a banking milestone as SoFi turns on its in‑app, bank‑issued stablecoin... Europe officially opens a MiCA rulebook review with a summer deadline... and ETF flows telling a story of rotation, with XRP funds adding capital even as bitcoin and ether products saw redemptions.

Let’s get into it.

[BEGINNING_SPONSORS]

Story one: the XRP Ledger is turning a security feature into a selling point.

A draft amendment tied to XRPL’s automated market maker upgrade explains why classic flash‑loan attacks — the kind that have cost DeFi hundreds of millions — are structurally impossible on XRPL. The reason is simple: transactions are atomic, but not composable within a single transaction, so you can’t chain the borrow — manipulate — repay sequence those loans require.

It’s a trade‑off — XRPL forgoes some one‑click capital efficiency that Ethereum’s DeFi relies on — but it slams the door on a whole class of exploits.

The timing matters. Recent high‑profile hacks at Drift and KelpDAO alone topped 600 million dollars, and Thorchain was hit for roughly 10.8 million in mid‑May. Bridges, meanwhile, have lost over 2.8 billion since 2021.

If XRPL’s AMM improvements land and liquidity grows, that built‑in resistance could appeal to institutions weighing security versus composability. That draft — and the framing — dropped early today.

Story two: a rough weekend for Cosmos bridging.

Gravity Bridge — the link moving assets between Ethereum and Cosmos — was drained of about 5.4 million dollars on Saturday in what researchers say looks like a compromised signing key rather than a smart‑contract bug. The team asked validators to halt the chain while they investigate and coordinate recovery efforts.

Security‑wise, this fits a 2026 pattern: attackers keep finding the weakest operational link — especially around bridges and keys. If you have funds routed through Gravity, keep an eye on validator and official team channels for the green light to resume activity... they halted operations to contain the blast radius and trace funds.

Not the headline anyone wanted heading into Sunday — but it’s the right containment move.

Story three: a first for U.S. banking meets stablecoins.

SoFi says SoFiUSD — the company’s dollar‑backed stablecoin issued by SoFi Bank, N.A. — is now live inside the SoFi app, with support to buy, sell, hold, and convert. SoFi is positioning it as the first stablecoin issued by a U.S. national bank to launch directly on a banking platform.

It’s live on Ethereum and Solana to start, and SoFi’s roadmap includes the option to convert SoFiUSD into tokenized deposits — so members could earn interest and access FDIC insurance once that feature is switched on — plus a listing on Bullish to deepen liquidity.

For day‑to‑day users, this is a clear example of a regulated banking front end meeting public‑chain rails... and it lands while Washington is actively debating stablecoin yields and guardrails. Watch how quickly SoFi extends on‑chain transfers and payments — that’s where the user‑visible utility shows up.

[MIDPOINT_SPONSORS]

Story four: Europe opens the hood on MiCA.

The European Commission has launched a public and targeted consultation to review whether the Markets in Crypto‑Assets regulation — MiCA — still fits a fast‑moving market. The consultation runs through August 31 at 23:59 CEST, and covers scope and definitions, the treatment of stablecoins, CASP licensing, staking, DeFi, NFTs, and more.

For companies serving EU users, this isn’t just a survey — it’s a chance to flag friction before MiCA’s transitional arrangements fully end this summer. Expect a flood of responses from exchanges, custodians, and stablecoin issuers; some national regulators have already warned that operating without authorization after the transition could breach EU law.

If you operate in — or market to — the EU, circle that August 31 deadline.

Story five: ETF flows show a weekend‑worthy plot twist.

In the final stretch of May, U.S.‑listed spot XRP ETFs pulled in roughly 35 million dollars between May 20 and May 29 — including nearly 12 million on Friday — while bitcoin and ether funds together saw about 2 billion dollars in outflows over the same window. It’s a small category next to bitcoin’s more than 94 billion in ETF assets, but the divergence is notable and suggests investors are testing new narratives while majors cool.

Prices didn’t moon on the news — XRP hovered around a dollar thirty, even with the inflows — but it’s evidence that flows are no longer a one‑way BTC story. If that rotation continues into June, watch for secondary effects across liquidity pairs and market‑making spreads.

Quick recap before you head out: XRPL is leaning into a security‑by‑design edge as it readies automated market‑maker upgrades... Gravity Bridge suffered a 5.4 million dollar weekend exploit and paused to contain damage... SoFi flipped the switch on a bank‑issued stablecoin right inside its app... Brussels opened a full MiCA review with feedback due August 31... and ETF flows hinted at rotation, with XRP funds adding capital while bitcoin and ether products saw late‑May redemptions.

We’ll keep tracking the fallout from the Gravity incident — and how fast SoFi turns stablecoin rails into everyday features. See you tomorrow.

Thanks for listening and see you tommorow!