Ripple and Bitfinex CTOs Explain 25 Billion XRP Exploit Attempt

A recent post from Whale Alert (@whale_alert), a popular whale-tracking service on X, triggered massive concern across the cryptocurrency community. Whale Alert reported a staggering 25 billion XRP transaction, nearly half of the asset’s circulating supply.

This post sparked speculation about the reason for this record-breaking transaction and its potential effects on XRP’s price and the broader market.

Read Also: Ripple CTO Explains Reasons Behind XRP and XLM Price Correlation

David Schwartz, Chief Technology Officer (CTO) at Ripple, swiftly shed light on the situation. The transaction, in fact, never moved the reported amount. Whale Alert simply encountered an error while interpreting XRP Ledger (XRPL) data, leading to a misleading alert.

Whale Alert also released a statement notifying its users of the error and deleted the post immediately.

Clarifying the event, Paolo Ardoino, CTO of Bitfinex, the targeted exchange, revealed it to be an attempted exploit leveraging XRPL’s “Partial Payment” feature. This feature allows senders to specify a desired total amount in the “Amount” field while actually transferring a smaller sum.

The exploit attempt failed, however, due to Bitfinex’s secure handling of partial payments. Unlike some systems that solely focus on the “Amount” field, Bitfinex prioritizes the “Delivered Amount,” ensuring accuracy and preventing manipulation.

After multiple hacks and exploits across the crypto industry throughout last year, these malicious actors have begun their activities again this year.

While the incident triggered initial concern, its resolution showed the importance of responsible reporting and proper system configuration. Schwartz commended Bitfinex and Ardoino for their vigilance and confirmed that no XRPL vulnerability was involved.

The Partial Payment Feature and Potential Exploits

XRPL’s Partial Payment feature can benefit legitimate users. If a user accidentally receives unwanted XRP, they can utilize this feature to return the exact amount without incurring additional fees. However, malicious actors can also target this feature for nefarious purposes.

The exploit modus operandi involves specifying a significant sum in the “Amount” field while sending a significantly smaller amount in reality.

Read Also: “This Makes Me Angry”, Says Ripple CTO David Schwartz. Here’s why

If a system overlooks the “Delivered Amount” or lacks proper partial payment handling mechanisms, it could be tricked into crediting the attacker with the full specified amount, falling victim to the exploit.

As Schwartz emphasizes, this incident serves as a valuable reminder for all institutions and applications using XRPL of the need for proper understanding, integration, and configuration of XRPL features.

With a total circulating supply of 54.2 Billion XRP, a transaction involving almost half of all circulating tokens would have been catastrophic for the market.

However, Bitfinex quickly foiled the attempt, and now the XRP community can turn their attention to positive developments, like the BlackRock CEO’s recent comments on a potential XRP ETF application.

---

Follow us on Twitter, Facebook, Telegram, and Google News