Advertisement

Updated January 15th, 2024 at 12:47 IST

Bitfinex faces partial payment exploit attempt worth $15 billion in XRP

The transaction initially garnered attention through the blockchain tracking account Whale Alert, which reported a transfer of 25.6 billion XRP.

Hacker
Representative | Image:Unsplash
Advertisement

Partial payment exploit: A transaction involving nearly $15 billion worth of XRP, with a recorded ticker of $0.58, from an unidentified wallet to Bitfinex on January 15, was revealed to be part of a failed ‘partial payments exploit.’ Bitfinex's Chief Technology Officer, Paolo Ardoino, clarified that the transfer did not go through and that it was an attempt to exploit the exchange's system.

The transaction initially garnered attention through the blockchain tracking account Whale Alert, which reported a transfer of 25.6 billion XRP, nearly half of the circulating supply, to Bitfinex from an unknown wallet. However, Whale Alert later deleted the post, citing an issue with correctly interpreting the Ripple node response, leading to inaccurate posts.

Advertisement

Ardoino detailed that the attacker tried to exploit Bitfinex through a Partial payments exploit, assuming that the exchange had incorrectly configured its software to process partial payments. 

What are Partial payment exploits?

Partial payment exploits involve attackers exploiting perceived vulnerabilities in transaction processing. The exploit assumes that the targeted exchange has incorrectly configured its system to only read the ‘amount’ field of a transaction. In this attack, the exploiter sends a transaction with a high ‘amount’ field but specifies a much smaller amount in another transaction field. 

The goal is to receive credit for the difference from the exchange. The attacker anticipates that the exchange's system only considers the ‘amount’ field, creating a discrepancy. Successfully handling this exploit requires exchanges to properly manage additional transaction fields, like the "delivered_amount" data field. Awareness of such vulnerabilities is crucial for maintaining the security and integrity of blockchain exchanges.

Advertisement

Fortunately, the attack failed as Bitfinex appropriately handles the 'delivered_amount’ data field. Additionally, blockchain data indicates that the attacker also attempted a similar attack on Binance with a 58.9 billion XRP transfer, which also ended in failure.

Advertisement

Published January 15th, 2024 at 12:47 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Whatsapp logo