In a dramatic turn of events, a transaction involving nearly $15 billion worth of XRP from an unidentified wallet to the Bitfinex exchange, initially believed to be a massive transfer, has turned out to be a thwarted hacking attempt through a “Partial Payments Exploit.”
The incident was initially highlighted by Whale Alert, reporting a staggering transfer of 25.6 billion XRP, almost half of the cryptocurrency’s circulating supply, to Bitfinex from an anonymous wallet. However, the excitement was short-lived as Whale Alert retracted the post, attributing it to an issue with reading the Ripple node response that led to an erroneous alert.
Subsequently, Bitfinex Chief Technology Officer Paolo Ardoino clarified that the colossal transaction was, in fact, an attempted attack on Bitfinex using a “Partial Payments Exploit.” This exploit relies on the assumption that Bitfinex incorrectly configured its software to process partial payments, a vulnerability the attacker sought to capitalize on.
The mechanics of a partial payments exploit involve manipulating a transaction field to display a smaller amount than what is actually sent, aiming to receive credit for the difference from the targeted entity. Fortunately, Bitfinex’s system correctly handles the ‘delivered_amount’ data field, rendering the exploit ineffective and safeguarding the platform and its users.
Interestingly, the attacker also attempted a similar attack on Binance, this time with a massive 58.9 billion XRP transfer. However, just like the previous endeavor, this attack also ended in failure.
This incident follows a minor security breach at Bitfinex in November of the previous year when a customer support agent fell victim to a hacking attempt, leading to phishing attacks targeting several users. Bitfinex assured customers that the impact was minimal, emphasizing that its systems remained uncompromised, and no customer funds were lost.
The exchange promptly reported the breach to law enforcement and is actively cooperating with investigative authorities to identify and apprehend the perpetrator behind the phishing attack. Bitfinex underscored its commitment to security, citing a strong track record of securing successful convictions against individuals attempting to attack its operations in the past.
Established in Hong Kong in 2012, Bitfinex has become a significant player in the cryptocurrency industry, ranking 17th in CoinGecko’s “Trust Score” index among all cryptocurrency exchanges under the leadership of CEO Jean-Louis van der Velde since 2013.