- Hackers attempted to steal 25 billion XRP from Bitfinex.
- Ripple CTO shuts down talk that billions of XRP were ever at risk.
- The exploit relies on unconfigured XRP Ledger integrations.
Cryptocurrency hacks remain an unchecked plague on the industry, with 160 successful attacks in 2023, netting thieves nearly $1.7 billion in stolen funds. However, January 14 saw cybercriminals fail in their attempt to exploit the Bitfinex exchange via the XRP Ledger's "partial payments" feature. Regarding the attack, Ripple CTO David Schwartz maintained that the XRP Ledger is not inherently flawed or vulnerable.
Ripple CTO Dismisses Talk of XRP Ledger Vulnerability
In a recent tweet, Schwartz moved swiftly to shut down rumors that the XRP Ledger is inherently flawed or that billions in XRP were ever at risk. The Ripple CTO stated that the partial payments "feature is a standard and secure financial tool" and that media coverage of "billions of XRP moved" was misleading sensationalism, as the amount transferred amounted to just a few cents.
Schwartz praised Bitfinex for handling the incident appropriately by following Ripple's guidelines for secure configuration and integration of the partial payments function, thus stopping the attempted exploit from ever occurring. With that, Schwartz reminded institutions that "proper configuration and integration cannot be understated."
Partial payments are a specialized payment type enabling a flexible payment amount. They allow the transaction sender to send a payment that delivers less than the amount sent, which may be used for returning unwanted payments without incurring additional costs. However, this function can be exploited if an institution's XRP Ledger integration is not properly configured.
How Hackers Can Exploit Partial Payments
Hackers can exploit an institution's improperly configured XRP Ledger integration by sending the institution a transaction that states a large amount but delivers only a small partial payment of actual funds. This transaction is confirmed, and the vulnerable institution reads the large stated amount without cross-checking the amount actually received.
Assuming all is well, the institution credits the hacker with the large transaction, even though only a small amount of XRP was received. The hacker can then withdraw the ill-gotten funds to another wallet before the institution notices the mistake.
While the attacker may have completed a field to send 25 billion XRP to Bitfinex using the partial payment feature, engineer "NIKB" confirmed that the actual partial payment made was $0.001.
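The cross-check described above, as an added example that is not Bitfinex's or Ripple's code: a deposit handler credits the `delivered_amount` reported in the transaction metadata and never the `Amount` field. The sample transaction, its addresses and the function names are constructed for illustration, and the layout assumes a rippled `tx` response in the API v1 shape.

```python
from decimal import Decimal

TF_PARTIAL_PAYMENT = 0x00020000   # XRPL Payment flag tfPartialPayment
DROPS_PER_XRP = Decimal(1_000_000)
OUR_ADDRESS = "rEXCHANGE_PLACEHOLDER"   # constructed placeholder, not a real account

# Constructed sample: Amount states 25 billion XRP, metadata shows 1000 drops delivered.
SAMPLE_TX = {
    "TransactionType": "Payment",
    "Account": "rSENDER_PLACEHOLDER",
    "Destination": OUR_ADDRESS,
    "Amount": "25000000000000000",      # drops; the sender-controlled upper bound
    "Flags": TF_PARTIAL_PAYMENT,
    "validated": True,
    "meta": {"TransactionResult": "tesSUCCESS", "delivered_amount": "1000"},
}


def naive_credit(tx):
    """Misconfigured integration: trusts the Amount field of the transaction."""
    return Decimal(tx["Amount"]) / DROPS_PER_XRP


def xrp_to_credit(tx, our_address=OUR_ADDRESS):
    """Hardened integration: credit only what the ledger says was delivered."""
    meta = tx.get("meta", {})
    if not tx.get("validated") or meta.get("TransactionResult") != "tesSUCCESS":
        return Decimal(0)
    if tx.get("TransactionType") != "Payment" or tx.get("Destination") != our_address:
        return Decimal(0)
    delivered = meta.get("delivered_amount")
    # XRP is a string of drops. Issued currencies arrive as objects, and very old
    # ledgers can report "unavailable"; neither is credited as XRP here.
    if not isinstance(delivered, str) or not delivered.isdigit():
        return Decimal(0)
    return Decimal(delivered) / DROPS_PER_XRP


def is_partial_mismatch(tx):
    """Alerting helper: partial payment whose Amount differs from what arrived."""
    partial = bool(tx.get("Flags", 0) & TF_PARTIAL_PAYMENT)
    return partial and tx.get("Amount") != tx.get("meta", {}).get("delivered_amount")


if __name__ == "__main__":
    print("naive credit   :", naive_credit(SAMPLE_TX), "XRP")
    print("hardened credit:", xrp_to_credit(SAMPLE_TX), "XRP")
    print("raise alert    :", is_partial_mismatch(SAMPLE_TX))
```
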
On the Flipside
- The incident did not trigger any significant fluctuations in the price of XRP.
- Ripple CEO Brad Garlinghouse will speak at the World Economic Forum's Davos conference on January 16.
Why This Matters
With hackers relentlessly targeting vulnerabilities, responsibility falls on exchanges and infrastructure to prevent exploitation. Proper configuration and smart contract design will become vital to blockchain security as the industry expands.