An incident involving a transaction of nearly $15 billion worth of XRP from an unknown wallet to the Bitfinex exchange, initially reported by the blockchain tracking account Whale Alert, turned out to be an unsuccessful attack.
Whale Alert later deleted the post, citing an issue with reading the Ripple node response that led to an erroneous alert.
Paolo Ardoino, Bitfinex Chief Technology Officer, clarified that the massive transaction was an attempted attack on Bitfinex through a “Partial Payments Exploit.” This exploit relies on the assumption that Bitfinex incorrectly configured its software to process partial payments, a vulnerability that the attacker aimed to exploit.
The mechanics of a partial payments exploit involve tricking a system into recognizing an amount different from what is actually sent. The attacker manipulates a transaction field to show a smaller amount than what is indicated elsewhere, intending to receive credit for the difference from the targeted entity.
Fortunately for Bitfinex, Ardoino revealed that the attack was thwarted because Bitfinex’s system correctly handles the ‘delivered_amount’ data field, rendering the exploit ineffective.
The attacker also attempted a similar attack on Binance, with a 58.9 billion XRP transfer, but this attempt also failed.
Bitfinex has faced security challenges in the past, experiencing a “minor” security incident in November the previous year. In that incident, a customer support agent fell victim to a hacking attempt, leading to phishing attacks on several users. Bitfinex assured its customers that the impact was minimal, and no significant damage occurred. The exchange reported the breach to law enforcement and collaborated with investigative authorities to identify and apprehend the perpetrator.
Founded in 2012 in Hong Kong, Bitfinex has become a significant player in the cryptocurrency industry, holding the 17th place in CoinGecko’s “Trust Score” index among all cryptocurrency exchanges under the leadership of CEO Jean-Louis van der Velde.