Bitfinex, Binance thwart massive XRP heist

abdelaziz Fathi

Tether’s sister crypto exchange, Bitfinex, faced an attempted exploit leveraging a feature of the XRP Ledger network. CEO Paolo Ardoino confirmed on X that the exchange successfully thwarted this attempt.

The incident involved an apparent transaction of nearly $15 billion worth of XRP, which is close to half of the token’s $31 billion market capitalization. However, the actual transfer was only a few cents worth of XRP and failed due to insufficient liquidity in the sender’s account.

In addition to Bitfinex, the attacker also attempted a similar exploit on Binance with a transfer of 58.9 billion XRP, which also failed.

The attempted exploit, known as a “partial payments exploit,” was initially detected when the blockchain tracking account Whale Alert reported a transaction of 25.6 billion XRP from an unknown wallet to Bitfinex. The aim of the exploit was to deceive Bitfinex into recognizing the transfer as legitimate, paving the way for a hacking attempt.

Ardoino explained that Bitfinex’s systems identified the transfers as a “partial payment,” a feature of the XRP Ledger that allows a payment to be successful by reducing the received amount. He added that the attack did not succeed because Bitfinex properly processes the ‘delivered_amount’ data field.

Partial payments are designed to facilitate the return of payments without additional costs. However, they are recognized as a potential attack vector. XRP Ledger transactional documents warn that if a financial institution’s integration with the XRP Ledger does not account for the possibility of partial payments, malicious actors might exploit this to siphon funds.

The exploit hinges on the assumption that the targeted company’s system might only read the amount field of an XRP transaction, which is set to a high amount, while the exploiter sends a much lower amount indicated in another transaction field, aiming to be credited for the higher amount.

Whale Alert later retracted its initial post, stating that there was an issue with reading the Ripple node response correctly, leading to some incorrect posts.

Bitfinex was hacked in 2016 to the tune of 119,756 BTC, which was worth $72 million at the time of the hack but is now equivalent to more than $5 billion given the inflation in BTC prices.

In terms of how the hack happened and the identity of hackers themselves, it’s still pretty vague despite indicting two Israeli brothers as partially responsible for the attack. All we know is that Bitfinex’s multi-signature accounts were somehow compromised, and the exchange distributed losses amongst all users to the tune of 36% of their balances.

  • Read this next

    Digital Assets

    Bitcoin nears $62,000, sparking retail buying frenzy

    Bitcoin dashed past the $61,000 barrier on Wednesday, a peak it hadn’t touched since the waning days of November 2021.

    Market News

    OPEC+ Extension of Oil Output Cut Causes Rally

    The dynamics surrounding crude oil are indeed fascinating, given its unique role as both a globally traded commodity and a vital energy source deeply influenced by the OPEC+ alliance’s decisions.

    Institutional FX

    DKK reports 226% growth in 2023 with eyes on African expansion

    “Our numbers are beginning to show how we are powering, the growth required by emerging markets, and we plan for the success of our strategies to continue to thrive in 2024.”

    Industry News

    ‘WTF’ as in ‘What The Fraud?’, Sumsub’s new podcast on digital fraud

    “We found a lack of informative podcasts talking about digital fraud threats and prevention for business owners. So, we decided to dive in and share our expertise along with industry top minds in the ‘What The Fraud?’ podcast.”

    Digital Assets

    Coin Metrics integrates market data from Cboe Digital

    “We are pleased to work with Coin Metrics and believe that having quality and timely data, and systems to analyze that data, will help crypto markets mature as well as evolve to become a core component of a diversified investment portfolio. We are focused on providing access and solutions to the spot and derivatives crypto market in a way which mirrors an investor’s experience with traditional markets.”

    Fintech

    AU10TIX launches KYB solution to address regulatory requirements

    “Our customers have been requesting a comprehensive KYB solution, because money laundering and fraud have become far too prevalent in the corporate world. Our unified KYB/KYC solution is essential for identifying bad actors and maintaining a safe business environment in 2024.”

    Digital Assets

    Japan Is Rapidly Emerging As A Global Leader In Compliant Crypto Payments

    Japan is often hailed as one of the most forward-thinking nations in the crypto industry, with its government taking a very positive stance on the potential of concepts such as Web3. 

    Digital Assets

    Kraken launches institutional arm

    “If you already work with Kraken, you know how much we care about offering high quality products and a client-first experience. We’ve been the leading crypto exchange for more than a decade and through Kraken Institutional, we’ll offer the same deep expertise and cutting-edge technology to propel trading excellence for institutions.”

    Fintech

    Centroid integrates with brokerage solutions provider GTN

    “We are thrilled to integrate GTN into Centroid Bridge, our multi-asset connectivity bridging engine. This integration allows our clients to gain access to the wide range of multi-asset products offered by GTN.”

    <