Bitfinex thwarts $15B XRP 'Partial Payments Exploit' attack attempt
An attempt to attack Bitfinex via a “Partial Payments Exploit” failed on Jan. 14, according to Bitfinex chief technology officer Paolo Ardoino.
On Jan. 14, Whale Alert flagged a transaction that purportedly moved 25.6 billion XRP worth nearly $15 billion through a single transaction from an unknown wallet to Bitfinex.
The transaction immediately raised concerns within the crypto community, which quickly pointed out that the supposed transaction attempted to move nearly half of XRP’s circulating supply.
However, Ardoino doused the worries when he revealed that the transaction was a “failed” attack on Bitfinex.
“It was an attempt to attack Bitfinex via “Partial Payments Exploit”. Attack failed since Bitfinex properly handles ‘delivered_amount’ data field,” Ardoino added.
Nik Bougalis, Ripple’s former director of engineering, further clarified that the transaction “moved only a few cents,” adding that the Whale Alert code had misunderstood “what this transaction did and, as a result, it is misreporting.”
Whale Alert deleted the suspicious transaction post as of press time, explaining that it had fixed the mistake.
“There was an issue with properly reading the Ripple node response, resulting in a few wrong posts. We fixed the issue,” Whale Alert said.
On-chain data shows the attacker tried a similar move on Binance with a failed transfer of 58.9 billion units of XRP.
Meanwhile, the security incident did not negatively impact XRP’s price, which posted a modest gain of 0.23% to trade at $0.578 as of press time.
The asset’s trading volume has also spiked by more than 77% during the reporting period to over $1 billion.
Partial payments on XRP Ledger
Partial payment is a feature on the XRP ledger that allows a user to send a payment that delivers less than what the amount field indicates.
However, the platform warned that the feature could be used to exploit naive integrations with the XRP Ledger to steal money from exchanges and gateways.
It added:
“If a financial institution’s integration with the XRP Ledger assumes that the Amount field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution. This exploit can be used against gateways, exchanges, or merchants as long as those institutions’ software does not process partial payments correctly.”
