Table of Contents
- Bitfinex Thwarts Exploit Attempt
- What Is A Partial Payments Exploit?
- Bitfinex’s Regulatory Challenges
Cryptocurrency exchange Bitfinex has revealed it has successfully repelled an attempt to exploit $15 billion worth of XRP tokens on the platform that were associated with an attempt using an unsuccessful partial payments exploit.
The failed transfers spooked market watchers, especially since they amounted to half of the XRP token’s market capitalization.
Bitfinex Thwarts Exploit Attempt
The failed attempt was confirmed by Bitfinex Chief Technology Officer and CEO Paolo Ardoinom, who posted about the attempt on social media platform X. According to Ardoino, the would-be attacker used a feature of the XRP LEDGER network to attempt to exploit the Bitfinex crypto exchange unsuccessfully. The blockchain tracking account Whale Alerts brought the incident to light, which reported a significant transfer of 25.6 billion XRP from an unidentified wallet to the Bitfinex exchange.
However, the actual transfer was only for a few cents worth of XRP and failed because the sender did not have enough liquidity, according to blockchain data. The attacker’s motive was to trick Bitfinex into thinking the transfer was genuine, potentially opening the exchange up for a hack. However, Bitfinex’s security systems flagged the transfer as a partial payment, a feature of the XRP ledger that allows a payment to succeed by reducing the amount received.
“Someone attempted to attack @bitfinex via “Partial Payments Exploit.” Attack failed since Bitfinex properly handles the ‘delivered_amount’ data field.”
What Is A Partial Payments Exploit?
A partial payments exploit functions on the assumption that a company has an improperly configured system that reads only the amount field of an transaction. This field is typically set to a high amount. However, in reality, the attacker sends across a much smaller amount specified in a different transaction field, aiming to receive the credit for the difference. However, Adroino revealed that the attack failed because Bitfinex properly handles the “delivered_amount” data field.
Blockchain data revealed the attacker tried a similar attack on BINANCE with a 58.9 billion XRP transfer. However, this transfer also failed.
Partial payments are helpful in returning payments without incurring additional costs. According to XRP Ledger transactional documents, these are known attack vectors.
“If a financial institution’s integration with the XRP Ledger assumes that the Amount field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution. The malicious actor withdraws as much of the balance as possible to another system before the vulnerable institution notices the discrepancy.”
Bitfinex’s Regulatory Challenges
Last week, Bitfinex UK implemented several changes to its platform, requiring customers to adopt the new rules. The new rules primarily impact customers who registered their accounts on or after the 1st of November, 2023. Under the new regulations, these users are no longer eligible to apply for individual account verification, with the exchange stating the policy is now permanent.
However, the shift is not restricted to individual investors; crypto investors are also impacted.
Bitfinex now restricts account verification to “High Net Worth” individuals, meaning traders must meet specific financial criteria. Additionally, Bitfinex may request additional documentation and information to verify compliance with UK laws.
