Bitfinex Reportedly Blocks $15B XRP Exploit as Massive Transfer Fails

A transaction involving nearly $15 billion worth of XRP, equivalent to almost half of the token's $31 billion market capitalization, recently unfolded as a failed exploit attempt on the Bitfinex exchange.

This colossal transfer of 25.6 billion XRP from an undisclosed wallet to Bitfinex initially caught the attention of the cryptocurrency community. Whale Alert, a blockchain tracking account known for reporting significant transfers, first reported on this high-stakes transaction. Later, however, Whale Alert promptly deleted the post, citing an issue with reading the Ripple node response that led to an incorrect alert.

As shown by blockchain data from the transaction, the actual transfer amounted to only a few cents worth of XRP and ultimately failed due to insufficient liquidity on the sender's end.

‍

Bitfinex CTO Reveals the True Nature of the Transaction

Bitfinex Chief Technology Officer Paolo Ardoino elaborated on the true nature of this colossal transaction, labeling it as an attempted attack on Bitfinex through what is known as a "Partial Payments Exploit." 

It appears that the motive behind this audacious move was to fool Bitfinex into accepting the transfer as legitimate, potentially opening the door to a hack.

Bitfinex's robust systems reportedly identified the transfers as "partial payments," a feature of the XRP Ledger that enables a payment to succeed by reducing the amount received. Ardoino commented on the situation, stating:

"Someone attempted to attack @bitfinex via 'Partial Payments Exploit.' Attack failed since Bitfinex properly handles 'delivered_amount' data field."

Partial payments, as revealed in XRP Ledger transactional documents, are a known attack vector. The exploit operates on the assumption that a company has an improperly configured system that reads only the amount field of an XRP transaction. 

To receive credit for the difference, the attacker sends a much smaller amount specified in a different transaction field. 

The attacker's ambitions, however, extended beyond Bitfinex, as blockchain data indicates a similar attempt on Binance with a staggering 58.9 billion XRP transfer. Much like their previous endeavor, this attack also ended in failure.

‍

Bitfinex's Previous Security Incident

In November of the previous year, Bitfinex experienced a "minor" security incident stemming from a hacking attempt on one of its customer support agents. This incident resulted in several users being targeted in a series of phishing attacks between October 30 and November 5. Bitfinex assured its customers that the impact was minimal and no significant damage occurred.