Failed Bitfinex Exploit Attempts To Move Billions In XRP

Last updated Jan 16, 2024 | 10:28 AM UTC

Yesterday, Sunday 14 January, a failed attempt to transfer $15 billion worth of Ripple (XRP) tokens from an unknown wallet to the Bitfinex crypto exchange using an exploit was incorrectly flagged as a success by the on-chain whale tracking resource Whale Alert.

Market observers were given a brief jump scare when it was reported in a now-deleted Tweet from Whale Alert that the $15bn XRP – half the token's market capitalization – had moved from an unknown wallet to Bitfinex.

What would have been the single largest XRP transaction in history was actually just someone attempting to exploit Ripple’s partial payment feature, which allows users to deliver fewer tokens than indicated in the “send amount” field.

Thankfully, the transaction failed because Bitfinex had adequately implemented measures that would thwart such an exploit, as confirmed by Bitfinex's chief technology officer (CTO), Paolo Ardoino.

More specifically, the transfer failed because the sender lacked ample liquidity, but the attacker’s motive was to create a potential opening for a hack by tricking Bitfinex into thinking it was a legitimate transaction. 

With Bitfinex’s security system being correctly configured for XRP Ledger (XRPL), it flagged the transfer as a partial payment and prevented any major losses. 

According to on-chain data, the exploiter attempted to use the same trick with Binance, repeatedly pushing to transfer over 50 billion XRP tokens dozens of times over.

XRP partial payments

A partial payment exploit is when an entity sends a payment by inputting a large sum in the “Amount” field, but instead delivers less, for which they will be credited the difference. The hope is that the receiving system isn’t properly configured and will only read the “Amount” field of the transaction.

Ardoino, who is also the CEO of stablecoin Tether (USDT), noted in his Tweet that the attack failed because the exchange’s system “properly handles ‘delivered_amount’ data field”.

This is a known attack vector, as stated on the official XRP Ledger website, which highlights the pathway a malicious actor may take, and how to set up the appropriate security measures.
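The difference between reading the “Amount” field and reading delivered_amount, as an added example (not Bitfinex's or the XRP Ledger project's code). It assumes records shaped like entries from the XRPL account_tx API (tx, meta, validated); the function names, addresses and amounts are constructed for illustration.

```python
from decimal import Decimal

TF_PARTIAL_PAYMENT = 0x00020000   # XRPL Payment flag tfPartialPayment
DROPS_PER_XRP = Decimal(1_000_000)
DEPOSIT = "rDEPOSIT_PLACEHOLDER"  # constructed placeholder, not a real address

def naive_credit(rec):
    """Flawed: trusts the sender-controlled Amount field."""
    return Decimal(rec["tx"]["Amount"]) / DROPS_PER_XRP

def safe_credit(rec, deposit_address=DEPOSIT):
    """Return (xrp_to_credit, partial_flag_set) based on what was delivered."""
    tx, meta = rec["tx"], rec["meta"]
    partial = bool(tx.get("Flags", 0) & TF_PARTIAL_PAYMENT)
    creditable = (
        rec.get("validated") is True
        and tx.get("TransactionType") == "Payment"
        and tx.get("Destination") == deposit_address
        and meta.get("TransactionResult") == "tesSUCCESS"
    )
    delivered = meta.get("delivered_amount")
    # XRP amounts are strings of drops. Objects are issued tokens, and the
    # string "unavailable" can appear on very old partial payments: credit neither.
    if not creditable or not isinstance(delivered, str) or not delivered.isdigit():
        return Decimal(0), partial
    return Decimal(delivered) / DROPS_PER_XRP, partial

def record(amount, delivered, flags=0, result="tesSUCCESS", validated=True):
    """Build a constructed sample record shaped like an account_tx entry."""
    meta = {"TransactionResult": result}
    if delivered is not None:
        meta["delivered_amount"] = delivered
    return {"validated": validated, "meta": meta,
            "tx": {"TransactionType": "Payment", "Destination": DEPOSIT,
                   "Amount": amount, "Flags": flags}}

# Constructed samples: Amount claims 1,000,000 XRP in all but the first.
SAMPLES = {
    "honest": record("25000000", "25000000"),
    "partial": record("1000000000000", "1000", flags=TF_PARTIAL_PAYMENT),
    "failed": record("1000000000000", None, flags=TF_PARTIAL_PAYMENT,
                     result="tecPATH_DRY"),
    "unavailable": record("1000000000000", "unavailable"),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, "naive:", naive_credit(rec), "safe:", safe_credit(rec))
```

A deposit pipeline would also want to log or alert whenever the partial flag is set and Amount differs from delivered_amount, since that pattern is what the attempt described here looks like on-chain.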

Whale Alert responds

The Whale Alert bot is considered one of the most sophisticated and important tools in the crypto markets. Following the incorrect confirmation of the transaction, its subsequent discovery as being an attempted exploit, and the response of Paolo Ardoino, Whale Alert deleted the Tweet, and posted a response.

Written by

Eddie is a seasoned crypto writer and Bitcoin maximalist.