A $200,000 XRP account was rendered inaccessible after its owner accidentally created a nested multisignature setup on the XRP Ledger (XRPL), exposing a technical quirk in how multisign operates — and sparking development of a major fix.
What Happened?
An XRP Ledger user contacted developer Wietse Wind after discovering that their account — holding roughly $200,000 worth of XRP — could no longer be accessed. The issue stemmed from a multisignature configuration gone wrong: the user set up multisign for their own account and for the accounts designated as signers, creating what’s known as a nested multisign setup.
“On the XRP Ledger (XRPL), nested multisign refer to a multisignature account that includes other multisignature accounts as its signers. Multisign (multisignature) means multiple accounts must approve a transaction before it can be executed. Nested multisign occurs when one of the designated signers is itself a multisign account that also requires multiple approvals, creating a layered approval structure.”
While the XRPL technically allows nested multi-signatures, the way it currently validates signatures means such arrangements can create an irreversible condition — even if all private keys are available, the network won’t accept the required signatures. As a result, the user became permanently locked out of their wallet.
Proposed Solution
Rather than leave the problem unresolved, Wind and contributors developed a protocol amendment designed to support nested multisignature validation properly. This amendment has already been submitted to the XRPL codebase for inclusion in a future software release.
If the amendment gains the necessary support from network validators — typically more than 80% approval for two weeks — it would be activated as part of an official XRPL upgrade. Once incorporated, the update would allow nested signer lists to function correctly and enable the locked user to finally regain access to their funds.
Community Impact
The incident has resonated strongly within the XRP community, not only due to the size of the locked balance but also because it highlights an edge case in multisign configurations that developers had not anticipated. The proposed fix aims to prevent similar lockouts in the future, offering a more flexible and robust multisign infrastructure on the XRPL.
Until the amendment is approved and released, the user’s funds remain inaccessible — a reminder that on decentralized ledgers like XRPL, “code is law” and certain conditions can’t be reversed without a network-wide change.