A feature of the XRP Ledger network was leveraged in an unsuccessful exploit attempt on famous crypto exchange Bitfinex, CEO Paolo Ardoino stated in an X post on Monday.
roughly $15 billion worth of XRP were reported by on-chain service WhaleAlerts to be moved in an alleged transaction early Monday — equivalent to roughly half of the token’s $31 billion market valuation.
Blockchain data from the transaction indicates that the sender “did not have enough liquidity” for the small amount of XRP that was actually transferred.
The intention was to appear to be deceiving Bitfinex into accepting the transfer as authentic, which would have allowed for the possibility of a hack. The transfers, however, were detected by Bitfinex’s systems as a “partial payment,” an XRP Ledger function that permits a payment to be successful by lowering the amount received.
“Partial Payments Exploit” was used by someone to try to attack Bitfinex, according to Ardoino on X. “Attack failed because Bitfinex handles the ‘delivered_amount’ data field properly.”
It is helpful to reimburse payments in part without adding to one’s own expenses. Transactional documents from the XRP Ledger demonstrate that this is a known attack vector.
Malicious actors may be able to take advantage of this assumption and steal money from financial institutions “if a financial institution’s integration with the XRP Ledger assumes that the Amount field of a Payment is always the full amount delivered,” according to the docs.
“The malevolent actor endeavours to extract the maximum amount of balance into a different system prior to the susceptible institution detecting the disparity.
Concerns about security are still quite real in the larger bitcoin industry. Users lost around $2 billion in 2023 as a result of cyberattacks, frauds, and rug pulls.