Bitfinex successfully mitigates $1.5 billion XRP transfer attack, while Binance also dodges the bullet
On 1/15, cryptocurrency exchanges Bitfinex and Binance successfully thwarted an attack that attempted to exploit part of Ripple XRP's partial payment functionality. The attack aimed to involve up to billions of dollars' worth of XRP.
Table of Contents
Massive Transfer Turns Out to Be a Ruse: Attacker Attempts to Exploit Partial Payment Vulnerability
According to Bitfinex CTO Paolo Ardoino, an attacker attempted to exploit the partial payment feature of XRP to attack their cryptocurrency exchange, but ultimately was unsuccessful. Initially, the blockchain tracking account Whale Alert discovered a transfer of nearly $1.5 billion worth of XRP from an unknown wallet to Bitfinex. However, this transaction never actually occurred but was an attempt by the attacker to exploit a "partial payments exploit."
Btw @whale_alert can you fix your explorer and alert notifications to show the right amount? https://t.co/p9M1frEIo3
โ Paolo Ardoino ๐ (@paoloardoino) January 14, 2024
Whale Alert's Mistaken Alert
After realizing the issue, Whale Alert deleted its previous tweet and stated that some erroneous publications occurred due to problems with correctly reading Ripple nodes.
๐ ๏ธ There was an issue with properly reading the #Ripple node response, resulting in a few wrong posts. We fixed the issue.
โ Whale Alert (@whale_alert) January 14, 2024
Operation of the Partial Payment Vulnerability
The principle of the partial payment vulnerability assumes that a company's system is improperly configured to only read the "amount" field in XRP transactions, which is set to a high amount. In reality, the amount sent by the attacker is much smaller than the amount specified in another transaction field, with the aim of obtaining credit for the difference from the company.
Bitfinex and Binance Successfully Defend Against Attacks
Fortunately, Ardoino pointed out that the attack failed because "Bitfinex correctly handled the 'delivered_amount' data field." According to blockchain data, the attacker also attempted a similar attack on Binance, trying to transfer 58.9 billion XRP, but also without success.
This incident once again highlights the importance for cryptocurrency exchanges to remain vigilant and continuously enhance their security defenses against increasingly sophisticated cyber attacks.