XLS-70 Credentials Will Kill the Anonymous XRPL Issuer
The Problem Is Not the Technology
Over 7,000 tokens have been issued on XRPL. Most of them are worthless, and every XRPL user knows it. That's not a technology problem. The ledger settles in 3-5 seconds, fees are fractions of a cent, and trustlines give token holders explicit opt-in control. The infrastructure is solid. The problem is that anyone, anywhere, with no identity and no accountability, can issue a token in minutes. That permissionlessness is a feature for some use cases. For real-world asset issuance, institutional adoption, and regulated financial products, it is a fatal flaw. XLS-70d credentials are the fix.
Credentialed Issuers Are Not a Restriction. They're a Signal.
Here's the stance: the XRPL ecosystem will not escape the meme-coin perception trap until the on-chain record can distinguish a verified issuer from an anonymous one. Not off-chain. Not through a website anyone can copy. On-chain, verifiably, at the protocol level.
XLS-70d introduces a Credential object to the XRPL ledger. A credential is issued by an attesting authority to a subject account. It records what was attested, when the credential expires, and a URI pointing to supporting documentation. The credential lives on-chain. It can be checked by anyone. It can be required by DEX pools and token mechanics that use deposit authorization.
This flips the default. Right now, the default for any XRPL token is: unknown issuer, unknown backing, unknown legal status. You have to go off-chain and do your own research to find out who is behind a token, if you can find out at all. With XLS-70d credentials, the default can become: here is a verifiable, on-chain attestation about this issuer, issued by an authority you can evaluate and choose to trust.
That is a structural change to how trust works on XRPL. It's not cosmetic.
What the Spec Actually Unlocks
The XLS-70d amendment, which has been under discussion and development in the XRPL community, introduces several concrete mechanics worth understanding.
First, credentials are issued account-to-account. An attesting organization holds an issuer account on XRPL and writes credentials to subject accounts. The credential includes a credential type, an optional URI, and an expiration. The subject can choose to accept the credential, making it publicly visible, or leave it pending.
Second, credentials can be used as deposit authorization conditions. This means a liquidity pool or token issuer can require that anyone interacting with a particular mechanism holds a specific credential. This is how permissioned DeFi becomes possible on XRPL without rebuilding the entire protocol. You don't need a separate chain or a whitelist maintained off-chain. The credential itself is the access control.
Third, credentials can expire. A credential issued today can be set to lapse in 12 months. This forces credential issuers to build renewal processes, which is exactly how real compliance works. A KYC check from three years ago is not the same as a current one.
The combination of these three mechanics means XRPL can now support token issuance workflows that are actually compatible with how regulated institutions need to operate. A securities issuer can require that all holders hold a valid accreditation credential. A stablecoin issuer can require KYC credentials from a set of trusted attestors. An RWA platform can publish its own credentials and let the market decide whether to trust that attestor.
What This Means If You Hold Tokens or Build on XRPL
If you hold XRPL tokens, you now have a practical question to ask about any token you're evaluating: does the issuer account hold any on-chain credentials, and if so, who issued them? An uncredentialed issuer isn't automatically a scam. But an issuer who has gone through a credentialing process with a reputable attestor is making a falsifiable, on-chain commitment. That's a meaningful difference.
If you're building on XRPL, the credential system changes your architecture options significantly. You no longer have to choose between a fully open, permissionless token and a fully closed, custodial system. You can build permissioned pools that are open to any account holding the right credential, issued by any attestor you designate. That middle ground is where most real financial products need to live.
Builders who ignore this will fall behind. The issuers who credential early will establish the market expectation. By the time credentials are standard, uncredentialed issuers will look the way unverified sellers look on any mature marketplace: suspicious by default.
Where Rhyzlo Fits
Rhyzlo is building the trust infrastructure layer that makes credentials legible and actionable for XRPL users. When you look up a token or issuer account on Rhyzlo, you can see the on-chain signals associated with that account, including credential data as the XLS-70d amendment matures on mainnet. The goal is straightforward: no one should have to manually decode ledger objects to figure out whether an issuer has made verifiable commitments about who they are. Rhyzlo surfaces that information clearly, so trust becomes something you can evaluate in seconds rather than something you have to research for hours.
Check Your Issuers Before the Market Does It For You
Look up any XRPL token issuer at rhyzlo.com and see what the on-chain record actually says about who you're trusting.