Failed Exploit Attempt on Bitfinex Involving $15 Billion in XRP

A purported XRP transaction worth nearly $15 billion from an unknown wallet to Bitfinex was part of a failed attempt to exploit partial payments. This was stated by the exchange’s CTO, Paolo Ardoino.

Someone attempted to attack @bitfinex via “Partial Payments Exploit”.
Attack failed since Bitfinex properly handles ‘delivered_amount’ data field.https://t.co/EiGw9UQmmq

(updated with better gif) https://t.co/8I7vlO05ou pic.twitter.com/DxOnJLLkhU

— Paolo Ardoino ? (@paoloardoino) January 14, 2024

Initially, the transfer of approximately half of the market supply of XRP was highlighted by the Whale Alert service. However, the team later deleted the tweet and stated that there was an “issue with correctly reading the Ripple node response, leading to several erroneous messages.”

Ardoino explained that this was an attack on the partial payments function, with the perpetrator expecting the exchange’s software to be improperly configured to handle such transactions.

The exploit assumes that in the case of a partial payment, the system considers the amount from the Amount field, whereas it should use the delivered_amount field, which indicates the actual transfer volume.

Ardoino noted that Bitfinex’s handling of these fields is correctly configured.

According to blockchain explorer data, the unknown party also attempted to attack Binance with a transfer of 58.9 billion XRP. The actual transaction amount was 0.0017 XRP.

Back in November 2023, Bitfinex experienced a “minor security incident” following the compromise of a gadget belonging to a support staff member.