- The transaction was an attempt to carry out a partial payments exploit
- The attack works when a platform only reads the “amount” field of a transaction
- The attacker sends a lower amount than listed, gets credit for the difference
An anonymous wallet tried to send XRP worth almost $15 billion to Bitfinex on Sunday, Jan. 14, but the transaction did not go through. According to Bitfinex CTO Paolo Ardoino, quoted by Cointelegraph, the transaction was an attempt to carry out a so-called “partial payments exploit” in yet another scam involving the Ripple token.
What is a partial payment attack?
This type of attack works when a platform, in this case Bitfinex, has a poorly configured system that only reads the “amount” field of a transaction, typically set to a high value. In this case, the amount was almost half of all the XRP in circulation.
The attacker actually sends an amount much lower than the one entered in the transaction field, hoping that the company will send him the credit for the difference.
Blockchain tracker Whale Alert’s X account was the first to notice the attempted transfer. The platform claimed to have seen a transaction worth 25.6 billion XRP from the unknown wallet to Bitfinex.
Later, Whale Alert deleted the post, explaining that they hadn’t read the Ripple node response properly, which led to several wrong posts.
Bitfinex learned its lesson
Ardoino posted on X that an unidentified entity had tried to attack Bitfinex via this type of exploit. However, it didn’t work because the exchange had configured its software to process partial payments correctly. He pointed out the attack failed because the exchange handles the ‘delivered_amount’ data field properly.
Recently, there was a similar attempt to attack Binance. Someone tried to transfer 58.9 billion XRP to the exchange, but failed.
Bitfinex has learned its lesson since the massive hack in 2016, when Ilya Lichtenstein and Heather Morgan stole approximately 120,000 Bitcoin from the crypto exchange. At current prices, this amount is equivalent to $5.2 billion.
As part of a plea deal, Lichtenstein admitted he was behind the hack.The couple both pleaded guilty to money laundering.