A transaction involving nearly $15 billion worth of XRP, which was initially reported as a massive transfer from an unknown wallet to the Bitfinex exchange, has actually failed due to being part of a “partial payments exploit.”
The transaction had garnered significant attention when Whale Alert, a blockchain tracking account, reported the transfer of 25.6 billion XRP, nearly half of the cryptocurrency’s circulating supply, from an anonymous wallet to Bitfinex. However, Whale Alert later deleted the post, citing an issue with reading the Ripple node response that led to an erroneous alert.
Bitfinex’s Chief Technology Officer, Paolo Ardoino, clarified that the colossal transaction was, in reality, an attempted attack on Bitfinex through what is known as a “Partial Payments Exploit.” This incident highlights the ongoing efforts by bad actors to exploit vulnerabilities in cryptocurrency platforms, and it serves as a reminder of the importance of security measures in the crypto industry.
How Does a Partial Payments Exploit Work?
The mechanics of a partial payments exploit involve manipulating a system to recognize a different amount from what is actually sent in a transaction. The attacker typically manipulates a transaction field to show a smaller amount than what is indicated in another part of the transaction, with the aim of receiving credit for the difference from the targeted entity.
In this case, the attacker attempted to execute a partial payments exploit against Bitfinex by altering transaction data. Fortunately for Bitfinex and its users, the attack was unsuccessful because Bitfinex’s system correctly handles the ‘delivered_amount’ data field, preventing the exploit from working.
Remarkably, the attacker didn’t stop with Bitfinex. Blockchain data also indicates that they tried a similar attack on Binance, involving a substantial 58.9 billion XRP transfer. However, this attempt, like the previous one, also failed. These incidents underscore the importance of robust security measures and vigilant monitoring within the cryptocurrency industry to prevent such exploits and attacks.
Hackers Continue to Target Bitfinex
In November of the previous year, Bitfinex encountered a “minor” security incident when one of its customer support agents was targeted in a hacking attempt, resulting in several users being subjected to a series of phishing attacks.
Bitfinex reported that this incident took place between October 30 and November 5. However, the exchange assured its customers that the impact was limited, and there was no significant damage.
The breach occurred as a result of the phishing attack on a customer support agent, who had access to partial information. Fortunately, this agent did not possess senior permissions and had only limited access to supporting tools and help desk tickets, as confirmed by Bitfinex. This incident highlights the importance of robust security measures and employee training to mitigate the risks associated with phishing attacks in the cryptocurrency industry.
Bitfinex underscored that its systems remained uncompromised, and no customer funds were compromised during the incident. The exchange also took proactive measures by reporting the breach to law enforcement and actively cooperating with investigative authorities to identify and apprehend the perpetrator behind the phishing attack.
Bitfinex expressed confidence in its ability to secure convictions against individuals who have attempted to attack its operations in the past, highlighting its track record in this regard.
Founded in Hong Kong in 2012, Bitfinex has established itself as a significant player in the cryptocurrency industry. Under the leadership of CEO Jean-Louis van der Velde since 2013, the exchange has attained a prominent position, ranking 17th in CoinGecko’s “Trust Score” index among all cryptocurrency exchanges. This underscores the exchange’s commitment to security and trust within the crypto community.