By
Chimamanda U. Martha
April 26th, 2024
Paolo Ardoino explained that the attacker anticipated Bitfinex’s system would be improperly configured to process partial payments.
In a recent turn of events, Bitfinex, a prominent crypto exchange, successfully thwarted a sophisticated cyber attack involving an attempted transaction of nearly $15 billion worth of Ripple’s XRP.
In a post on X, formerly Twitter, Whale Alert, a well-known blockchain tracking entity, initially reported the incident noting that an unknown wallet successfully moved 25.6 billion XRP, nearly half of the token’s total supply, to Bitfinex. However, Whale Alert retracted its statement, attributing the confusion to a misinterpretation of the Ripple node response, resulting in previous posts.
A Failed Attempt
Addressing the situation, Bitfinex’s Chief Technology Officer, Paolo Ardoino, clarified that the transaction was, indeed, an orchestrated attack on the exchange using a “Partial Payments Exploit”.
This intricate strategy aimed to manipulate the exchange into recognizing an incorrect transaction amount set in a different field at an unusually high figure, creating the illusion of a substantial transaction.
The attacker then specifies a much smaller amount in another transaction field, aiming to receive credit for the difference between the stated and actual transaction amounts.
Ardoino explained that the attacker anticipated Bitfinex’s system would be improperly configured to process partial payments. He further stated that the exploit relied on the assumption that the system would only recognize the amount field of an XRP transaction.
Fortunately, the attack failed, and Ardoino attributed the failure to Bitfinex properly handling the “delivered amount data field”.
Someone attempted to attack @bitfinex via "Partial Payments Exploit".
Attack failed since Bitfinex properly handles 'delivered_amount' data field.https://t.co/EiGw9UQmmq(updated with better gif) https://t.co/8I7vlO05ou pic.twitter.com/DxOnJLLkhU
— Paolo Ardoino 🍐 (@paoloardoino) January 14, 2024
This is not the first time the attacker attempted to exploit a crypto exchange in the industry using the same partial payments exploit.
Blockchain data revealed the attacker attempted to use the same method on Binance, but the attack failed due to the robust security measures implemented on the platform.
Trust Score Index
Meanwhile, Bitfinex’s successful defense against the exploit adds another chapter to its cybersecurity track record. In November 2023, the exchange faced a minor security breach when a customer support agent fell victim to a phishing attack.
However, the quick containment of the breach and effective communication with users reassured the community that no customer funds had been compromised. Bitfinex said it reported the incident to law enforcement agencies to help track the offenders.
The company has also navigated various security challenges under the leadership of Jean-Louis van der Velde, who has been with the exchange since 2013.
The exchange, currently holding the 17th position on CoinGecko’s ‘Trust Score’ index for cryptocurrency exchanges, Bitfinex’s recent success in thwarting a substantial exploit is expected to strengthen its reputation among users and the broader digital asset community, reaffirming its dedication to robust security practices.