In a recent incident, an assailant aimed to leverage XRP’s partial payments feature to exploit Bitfinex, attempting a transaction of nearly $15 billion worth of XRP at $0.58 on January 14. Bitfinex’s Chief Technology Officer, Paolo Ardoino, disclosed that the attack, identified as a “partial payments exploit,” was ultimately unsuccessful.
The purported transaction initially surfaced through blockchain tracking on Whale Alert, indicating a transfer of 25.6 billion XRP — almost half of XRP’s circulating supply — from an unidentified wallet to Bitfinex. However, Whale Alert later retracted the post, attributing it to an error in interpreting the Ripple node response.
Ardoino clarified that an individual sought to breach Bitfinex’s security through a partial payments exploit, presuming that the exchange had misconfigured its software to handle such transactions inaccurately.
The modus operandi of a partial payments exploit involves capitalizing on the assumption that a company’s system improperly reads only the amount field of an XRP transaction, set at a high value. The attacker then sends a considerably smaller amount specified in another transaction field, with the intent of receiving credit for the difference.
Despite the attempt, Ardoino highlighted the robust security measures in place at Bitfinex, emphasizing that the exchange effectively manages the ‘delivered_amount’ data field, leading to the failure of the exploit.
Blockchain data also revealed that the same attacker targeted Binance with a 58.9 billion XRP transfer, meeting a similar fate of failure. The incident underscores the ongoing challenges faced by cryptocurrency exchanges in fending off sophisticated exploit attempts.
