{"id":9786,"date":"2024-01-15T09:56:32","date_gmt":"2024-01-15T07:56:32","guid":{"rendered":"https:\/\/forklog.com\/en\/failed-exploit-attempt-on-bitfinex-involving-15-billion-in-xrp\/"},"modified":"2024-01-15T09:56:32","modified_gmt":"2024-01-15T07:56:32","slug":"failed-exploit-attempt-on-bitfinex-involving-15-billion-in-xrp","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/failed-exploit-attempt-on-bitfinex-involving-15-billion-in-xrp\/","title":{"rendered":"Failed Exploit Attempt on Bitfinex Involving $15 Billion in XRP"},"content":{"rendered":"<p>A purported XRP transaction worth nearly $15 billion from an unknown wallet to Bitfinex was part of a failed attempt to exploit <a href=\"https:\/\/xrpl.org\/partial-payments.html\">partial payments<\/a>. This was stated by the exchange&#8217;s <span data-descr=\"Chief Technology Officer\" class=\"old_tooltip\">CTO<\/span>, Paolo Ardoino.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Someone attempted to attack <a href=\"https:\/\/twitter.com\/bitfinex?ref_src=twsrc%5Etfw\">@bitfinex<\/a> via &#8220;Partial Payments Exploit&#8221;.<br \/>Attack failed since Bitfinex properly handles &#8216;delivered_amount&#8217; data field.<a href=\"https:\/\/t.co\/EiGw9UQmmq\">https:\/\/t.co\/EiGw9UQmmq<\/a><\/p>\n<p>(updated with better gif) <a href=\"https:\/\/t.co\/8I7vlO05ou\">https:\/\/t.co\/8I7vlO05ou<\/a> <a href=\"https:\/\/t.co\/DxOnJLLkhU\">pic.twitter.com\/DxOnJLLkhU<\/a><\/p>\n<p>\u2014 Paolo Ardoino ? (@paoloardoino) <a href=\"https:\/\/twitter.com\/paoloardoino\/status\/1746625178845471112?ref_src=twsrc%5Etfw\">January 14, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Initially, the transfer of approximately half of the market supply of XRP was highlighted by the Whale Alert service. However, the team later deleted the tweet and <a href=\"https:\/\/twitter.com\/whale_alert\/status\/1746634971870077198\">stated<\/a> that there was an &#8220;issue with correctly reading the Ripple node response, leading to several erroneous messages.&#8221;<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/LGF7m-tMFsEr2LJSVnnMBZ9DPHvjLHxpnutE3JfH11hi5BBXTGfcBXSb4eCAOsboU_wir2PP8FZqXPvbE7cggt-YGoEUMZsvWSCT_P6I3OZduA_f1BomwUePCD8Kq4vgA2v2LoJTk9_A_Uv5usLZlR8\" alt=\"Failed Exploit Attempt on Bitfinex Involving $15 Billion in XRP\"\/><figcaption class=\"wp-element-caption\">Screenshot of the deleted Whale Alert post. Source: <a href=\"https:\/\/cointelegraph.com\/news\/unknown-wallet-xrp-transfer-bitfinex-partial-payments-exploit\">Cointelegraph<\/a>.<\/figcaption><\/figure>\n<p>Ardoino explained that this was an attack on the partial payments function, with the perpetrator expecting the exchange&#8217;s software to be improperly configured to handle such transactions.<\/p>\n<p>The exploit assumes that in the case of a partial payment, the system considers the amount from the Amount field, whereas it should use the delivered_amount field, which indicates the actual transfer volume.<\/p>\n<p>Ardoino noted that Bitfinex&#8217;s handling of these fields is correctly configured.<\/p>\n<p>According to <a href=\"https:\/\/bithomp.com\/explorer\/CC5058CB40081958A40CCF43ECD00DEECC854690D517304FE0F5500458CD8512\">blockchain explorer data<\/a>, the unknown party also attempted to attack Binance with a transfer of 58.9 billion XRP. The actual transaction amount was 0.0017 XRP.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/qQASE-7Sy7-1r0kwle1Itqrq7N0YTs8ZnqAJ0C-mMatAYjyyql2eXtAeT7VDkxyRB_REYrjWw1pvAOMWdHn2jZ57TI6Xgenns9PqPMYoz4jFNwudmRVpEhPNi520-lDhaP3Aw8SqTLi3ZBVaZ_OyAmk\" alt=\"Failed Exploit Attempt on Bitfinex Involving $15 Billion in XRP\"\/><figcaption class=\"wp-element-caption\">Source: Bithomp.<\/figcaption><\/figure>\n<p>Back in November 2023, Bitfinex experienced a &#8220;minor security incident&#8221; following the compromise of a gadget belonging to a support staff member.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A purported XRP transaction worth nearly $15 billion from an unknown wallet to Bitfinex was part of a failed attempt to exploit partial payments. This was stated by the exchange&#8217;s CTO, Paolo Ardoino. Someone attempted to attack @bitfinex via &#8220;Partial Payments Exploit&#8221;.Attack failed since Bitfinex properly handles &#8216;delivered_amount&#8217; data field.https:\/\/t.co\/EiGw9UQmmq (updated with better gif) https:\/\/t.co\/8I7vlO05ou [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9785,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[95,44,112],"class_list":["post-9786","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitfinex","tag-cybercrime","tag-ripple"],"aioseo_notices":[],"amp_enabled":true,"views":"50","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/9786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=9786"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/9786\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/9785"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=9786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=9786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=9786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}