Bitfinex, the renowned cryptocurrency exchange platform, recently faced a hacking attempt involving an attack known as “Partial Payments Exploit.” Paolo Ardoino, CTO of Bitfinex, revealed that an attacker tried to execute a massive transfer, involving approximately half of the total XRP supply, to the platform.
This incident came to light when Whale Alert, the blockchain tracker and analytics system, shared an update on X about a transaction of 25.6 billion XRP (equivalent to $15 billion) from an unknown wallet to Bitfinex on January 14.
— Paolo Ardoino 🍐 (@paoloardoino) January 14, 2024
Ardoino responded to these allegations through his official Twitter account, clarifying that this massive transfer was, indeed, an attempt to exploit Bitfinex. The attacker utilized the “Partial Payments Exploit” technique, sending a payment delivering less than the indicated amount in the “amount” field of the transaction. This method assumes that the targeted platform has a misconfigured system that only reads the highlighted amount of the XRP transaction.
The attack, however, was unsuccessful due to the security measures implemented by Bitfinex. Ardoino explained that the platform properly handles the “delivered_amount” data field in transactions, preventing the attacker from achieving their goal of exploiting the platform using this method.
After Ardoino’s explanation, the Whale Alert team deleted the original post about the 25.6 billion XRP transfer and issued a correction, admitting there was an issue in reading the Ripple node response.
Following the Failure on Bitfinex, the Attacker Made Another Attempt With Binance
This incident was not unique, as it was revealed that the same attacker also tried a similar attack on Binance with a transfer of 58.9 billion XRP. However, this second attempt also failed, indicating that the security measures across multiple platforms were effective against such exploits.
Bitfinex’s swift response and the effectiveness of its security measures underscore the importance of protections implemented by cryptocurrency platforms to safeguard users’ assets against potential hacking attempts. This incident also emphasizes the constant need for ongoing improvements in defense systems and adaptation to emerging threats.