Attack on Bitfinex Exchange Involving $15 Billion XRP Transaction Failed: Paolo Ardoino
Source: AdobeStock / Tomasz Bidermann
A transaction involving nearly $15 billion worth of XRP from an unknown wallet to the Bitfinex exchange as part of a “partial payments exploit” has failed.
The transaction was first brought to the public’s attention by the blockchain tracking account known as Whale Alert, which reported a jaw-dropping transfer of 25.6 billion XRP, nearly half of the cryptocurrency’s circulating supply, from an anonymous wallet to Bitfinex.
Yet, the excitement was short-lived as Whale Alert promptly deleted the post, citing an issue with reading the Ripple node response that led to an erroneous alert.
Subsequently, Bitfinex Chief Technology Officer Paolo Ardoino revealed that the colossal transaction was, in fact, an attempted attack on Bitfinex through what is known as a “Partial Payments Exploit.”
Someone attempted to attack @bitfinex via "Partial Payments Exploit".
Attack failed since Bitfinex properly handles 'delivered_amount' data field.https://t.co/EiGw9UQmmq
(updated with better gif) https://t.co/8I7vlO05ou pic.twitter.com/DxOnJLLkhU
— Paolo Ardoino 🍐 (@paoloardoino) January 14, 2024
This malicious act relied on the assumption that Bitfinex had incorrectly configured its software to process partial payments, a vulnerability that the attacker sought to exploit.
How Does a Partial Payments Exploit Work?
The mechanics of a partial payments exploit hinge on tricking a system into recognizing an amount different from what is actually sent.
The attacker manipulates a transaction field to show a smaller amount than what is indicated in another part of the transaction, aiming to receive credit for the difference from the targeted entity.
Fortunately for Bitfinex and its users, Ardoino revealed that the attack was thwarted because Bitfinex’s system correctly handles the ‘delivered_amount’ data field, rendering the exploit ineffective.
Surprisingly, the attacker’s ambitions did not end with Bitfinex.
Blockchain data also shows that they attempted a similar attack on Binance, this time with a staggering 58.9 billion XRP transfer.
However, just like their previous endeavor, this attack also met with failure.
Hackers Continue to Target Bitfinex
In November last year, Bitfinex experienced a “minor” security incident after one of its customer support agents fell victim to a hacking attempt, leading to several users being targeted in a series of phishing attacks.
The crypto exchange said the incident occurred between October 30 and November 5.
However, Bitfinex assured its customers that the impact was minimal and no significant damage occurred.
The breach occurred through the phishing of a customer support agent, who had access to partial information.
Fortunately, the agent did not have senior permissions and had limited access to supporting tools and help desk tickets, as confirmed by Bitfinex.
The exchange emphasized that its systems remained uncompromised and no customer funds were lost throughout the incident.
The company also said it has reported the breach to law enforcement and is actively collaborating with investigative authorities to identify and apprehend the perpetrator behind the phishing attack.
“We have a strong track record of securing successful convictions against individuals who have attempted to attack our operations in the past,” Bitfinex said.
Founded in Hong Kong in 2012, Bitfinex has established itself as a significant player in the cryptocurrency industry.
Under the leadership of CEO Jean-Louis van der Velde since 2013, the exchange has risen to 17th place in CoinGecko’s “Trust Score” index among all cryptocurrency exchanges.