The technical director of the Bitfinex cryptocurrency exchange, Paolo Ardoino, announced that an unknown attacker attempted to bypass the platform’s security systems through the XRP partial payment function, but his attempt was unsuccessful. According to Paolo Ardoino, the attacker used an “exploit of the partial payments feature,” suggesting that the exchange had not properly configured its software to process transactions.
This incident attracted the attention of the crypto community when the security service Whale Alert published information on the social network about the transfer of about 25.6 billion XRP worth approximately $15 billion from an unknown wallet to Bitfinex. The transfer amount should have amounted to almost half of the total amount of XRP in circulation. This post was later deleted.
Ardoino clarified that the unsuccessful attempt to hack the exchange was due to a potential vulnerability in the partial payments function of the XRP registry “delivered_amount”. The attacker relied on the fact that the exchange’s security systems were not properly configured and only read the “amount” field in XRP transactions, for which he specified a high value. However, in reality, the attacker sent a much smaller amount specified in another field of the transaction and tried to trick Bitfinex into crediting the difference to his account.
During the investigation, it was found that the attacker also tried to implement a similar scenario of stealing assets on the Binance exchange in the amount of 58.9 billion XRP. Previously, Paolo Ardoino said that his companies would closely cooperate with American legislative and law enforcement agencies, including compliance with international sanctions against foreign countries.
