Ripple CTO Sets Record Straight After Failed XRP Hack

Responding to the recent failed Bitfinex exploit, Ripple CTO maintains the XRP Ledger is secure while blasting sensational reporting.

Ripple CTO David Schwartz talks about XRP.
Created by Kornelija Poderskytė from DailyCoin
  • Hackers attempted to steal 25 billion XRP from Bitfinex
  • Ripple CTO shuts down talk that billions of XRP were ever at risk.
  • The exploit relies on unconfigured XRP Ledger integrations.

Cryptocurrency hacks remain an unchecked plague on the industry, with 160 successful attacks in 2023, netting thieves nearly $1.7 billion in stolen funds. However, January 14 saw cybercriminals fail in their attempt to exploit the Bitfinex exchange via the XRP Ledger’s “partial payments” feature. Regarding the attack, Ripple CTO David Schwartz maintained that the XRP Ledger is not inherently flawed or vulnerable.

Ripple CTO Dismisses Talk of XRP Ledger Vulnerability

Schwartz moved swiftly to shut down rumors in a recent tweet that the XRP Ledger is inherently flawed or that billions in XRP were ever at risk. The Ripple CTO stated that the partial payments “feature is a standard and secure financial tool” and that media coverage of “billions of XRP moved” was misleading sensationalism as the amount transferred amounted to just a few cents.

Schwartz praised Bitfinex for handling the incident appropriately by following Ripple’s guidelines for secure configuration and integration of the partial payments function, thus stopping the attempted exploit from ever occurring. With that, Schwartz reminded institutions that “proper configuration and integration cannot be understated.”

Partial payments are a specialized payment type enabling a flexible payment amount. It allows the transaction sender to send a payment that delivers less than the amount sent, which may be used for returning unwanted payments without incurring additional costs. However, this function can be exploited if an institution’s XRP Ledger integration is not properly configured.

How Hackers Can Exploit Partial Payments

Hackers can exploit an institution’s inappropriately configured XRP Ledger integration by sending a large transaction to the institution with a small partial payment of actual funds. This transaction is confirmed, and the vulnerable institution reads the large transaction without cross-checking the amount received. 

Assuming all is well, the institution credits the hacker with the large transaction, even though only a small amount of XRP was received. The hacker can then withdraw the ill-gotten funds to another wallet before noticing the mistake.

While the attacker may have completed a field to send 25 billion XRP to Bitfinex using the partial payment feature, engineer “NIKB” confirmed that the actual partial payment made was $0.001.

On the Flipside

  • The incident did not trigger any significant price fluctuations in the price of XRP.
  • Ripple CEO Brad Garlinghouse will speak at the World Economic Forum’s Davos conference on January 16.

Why This Matters

With hackers relentlessly targeting vulnerabilities, responsibility falls on exchanges and infrastructure to prevent exploitation. Proper configuration and smart contract design will become vital to blockchain security as the industry expands.

Read about Charles Gasparino’s mocking of the attempted XRP exploit here:
FOX Journalist Lambasts XRP Army After 25B XRP Incident

Find out about the growing calls to bring the USDC stablecoin to Cardano here:
USDC on Cardano: Weighing Up Growth vs. Decentralization

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Samuel Wan

Samuel Wan is a finance professional turned crypto journalist, known for his insightful reporting on market trends, regulatory changes, and technological developments within the digital asset industry. His ability to simplify complex concepts and report the facts has made him a trusted source in the crypto community. Beyond his writing, Samuel is an active mountain biker and gamer.