15 January 2024
A transaction involving a whopping 25.6 billion XRP (valued at nearly $15 billion), nearly half of the total circulating supply of approximately 54.26 billion, raised alarm within the crypto sector in the late evening of January 14. The transfer was reported to have originated from an unknown wallet to the cryptocurrency exchange Bitfinex.
Were 25.6 Billion XRP Really Moved?
However, further investigation revealed this to be a failed attempt at exploiting the “Partial Payments” function of the XRP Ledger, as confirmed by Paolo Ardoino, Chief Technology Officer (CTO) at Bitfinex.
The incident first came to public attention when Whale Alert, a renowned blockchain tracking platform, reported the massive transaction on X. This initial report, which was later retracted, created a stir in the market, raising concerns over a potential security breach in the XRP Ledger that could severely impact XRP’s market price.
Whale Alert acknowledged the error in their reporting with a clarification: “There was an issue with properly reading the Ripple node response, resulting in a few wrong posts. We fixed the issue.” Paolo Ardoino, who also holds the position of CEO of Tether, provided further insight into the incident, stating: “Someone attempted to attack Bitfinex via ‘Partial Payments Exploit’. Attack failed since Bitfinex properly handles the ‘delivered_amount’ data field.”
Ardoino also referenced a section on xrpl.org that explains partial payments in detail. This feature of the XRP Ledger allows a sender to enable a “Partial Payment” flag, resulting in the delivery of an amount less than what is indicated in the Amount field.
The exploit lies in the ability to manipulate this feature to deceive exchanges and gateways. The crucial factor in preventing such exploits is for platforms to use the ‘delivered_amount’ metadata field, rather than the Amount field, to determine the actual amount transferred.
In this particular case, the attacker only sent 16 XRP – a stark contrast to the reported 25.6 billion XRP. This small transaction triggered an alert to the on-chain monitoring system due to the way the Whale Alert systems process and report transactions.
Attacker Tried Other Exchanges As Well
Additionally, blockchain data revealed that similar failed attempts were made on other prominent cryptocurrency exchanges. Binance faced an attempted transfer of 58.9 billion XRP, and Bitstamp was targeted with a 26,200,000 XRP transfer. These transactions, like the one aimed at Bitfinex, were part of the exploiter’s strategy and did not result in the transfer of significant sums of the cryptocurrency.
At press time, the market price of XRP showed resilience against these incidents, maintaining stability at $0.58. Nevertheless, the XRP bears showed their strength again with yesterday’s weekly close. The price closed below the critical resistance of the 0.5 Fibonacci retracement level at $0.59. However, the bulls at least managed to defend the 200-day exponential moving average (EMA).