Last night, a malicious user unsuccessfully attempted to hack Bitfinex using a specific function of the XRP Ledger that allows partial transfers of the Ripple cryptocurrency XRP.
In essence, the idea of the attack was to try to convince Bitfinex’s security systems to accept a fictitious transfer of 15 billion dollars in XRP, when in reality the wallet in question only contained a few cents.
Fortunately, the worst has been avoided even though the transfer of funds in Ripple currency has raised several concerns as it has been counted as approximately half of the circulating supply of the cryptocurrency.
The CTO of Bitfinex, Paolo Ardoino, intervened on X to explain to his stakeholders the failed hack attempt on the exchange.
All the details below.
An attempted hack on Bitfinex ends badly: (falsely) moves $15 billion in Ripple $XRP
Yesterday around 19 UTC, there was an attempted hack on Bitfinex, fortunately unsuccessful, where an unidentified user tried to exploit a feature of the XRP Ledger by fictitiously moving approximately 15 billion dollars in the cryptocurrency of the RIpple project (XRP).
It all started when the on-chain reporting account “WhaleAlerts” posted a now deleted post about the transfer of approximately 25.6 billion XRP tokens, which is just under half of the circulating supply of the asset, from a private wallet to the Bitfinex cryptocurrency exchange.
The community was immediately alarmed by the alleged transactions because usually when a volatile asset like XRP, BTC or ETH is transferred to an exchange, the goal is almost always to liquidate into stablecoin.
In reality, no operation was successful, since the address in question had only a few cents in balance: it was solely an attempt to hack Bitfinex, where the goal was to make the exchange believe that the massive amount of XRP tokens was real.
This morning, the CTO of Bitfinex and CEO of Tether intervened on X to explain to their stakeholders what was happening.
In practice, the hacker exploited the “Partial Payments” functionality present in the XRP Ledger to induce the security systems of the exchange to consider the actual transfer.
This function allows payments that are lower than the amount indicated in the amount field, as long as they are actually present in the reference cryptographic wallet.
Ardoino explained that the attack did not succeed because Bitfinex correctly manages the “delivered_amount” metadata field, which identifies the amount of the payment actually delivered.
The actual transfer only occurred for a few cents of XRP and failed for the remaining huge amount as the sender “did not have enough liquidity”, as shown by the on-chain data.
As explained in the XRP Ledger documents:
“If the integration of a financial institution with XRP Ledger assumes that the Amount field of a payment is always the entire amount delivered, malicious actors could exploit this assumption to steal money from the institution,” the documents state.
The malicious actor withdraws as much balance as possible from another system before the vulnerable institution notices the discrepancy.
According to what emerged after yesterday’s hacking attempt, the attacker also attempted an attack on Binance with a transfer of 58.9 billion XRP, but this also failed.
The issue of cyber attacks is becoming increasingly concerning within the cryptographic community, with more and more individuals attempting to exploit vulnerabilities in the systems of various platforms (both centralized and decentralized) to obtain cryptocurrencies illicitly.
Only in 2023, users have lost nearly 2 billion dollars from scams, thefts, and hacks.
Market analysis and forecast of crypto XRP
The story of the attempted hack against Bitfinex has alarmed the Ripple community, as the alleged transaction using “Partial Payments” had calculated approximately 25.6 billion XRP tokens, equivalent to 47% of the circulating supply of the cryptocurrency.
In particular, we can see how at 19:00 UTC on January 14th, in the XRP-USD market on Bitfinex, the currency in question recorded three consecutive red candles on 15-minute time frames, leading to a 1.7% decrease.
The data is not very serious in itself: if the hack had been successful, the crypto would have lost many more percentage points.
In the following hours, the situation then recovered, bringing XRP back to the pre-dump price and even pushing for a mini rally up to $0.59 per token.
It is very interesting to note how in the 3 highlighted red candles in the exchange hack attempt, exchange volumes of about 80,000 XRP were recorded, while in the single candle at 21:45 (the last green candle of the mini rally) the volumes reached 430,000 XRP.
Looking at the Ripple coin in a longer time frame, we can see how holders have been accumulating XRP tokens since July 2022.
At the moment, the forecasts are positive for the cryptocurrency, which could indirectly benefit from the growth of Bitcoin in the following year, supported by the narrative of the spot ETF and the expected halving in April.
Everything is somehow linked to the performance of the market king and the macroeconomic dynamics of the financial markets that could either favor or hinder investments in high-risk assets such as cryptocurrencies.
On the technical front, we see how XRP is congested within the EMA10 and EMA50 on a weekly time frame, ready for a new upward movement.
The first barrier to be broken by the bulls is the one at $0.74 and subsequently the one at $0.95 where a local maximum was reached in July 2023.
A decisive break of these levels, accompanied by significant volumes, could determine the return to the bullish market for XRP, which consistently offers notable performances to its supporters in every market cycle, despite underperforming BTC.
In the medium term, we expect a return above $2 for the cryptocurrency and the return of market capitalization to the figure of $100 billion, reached in 2017 and missed in the subsequent cycle of 2021.
Source: https://en.cryptonomist.ch/2024/01/15/failed-attempt-to-hack-bitfinex-15-billion-worth-of-ripple-xrp-tokens-mobilized/