David Schwartz, Chief Technology Officer (CTO) of Ripple, has commented on the alleged “transaction” of 25.6 billion (almost 15 billion US dollars) XRP on January 14. This amount represented almost half of the total circulating supply of XRP, which stands at approximately 54.26 billion. The supposed transaction was reported by the highly-regarded blockchain tracking service Whale Alert to have originated from an unknown wallet, destined for the crypto exchange Bitfinex.
Subsequent investigations, however, quickly debunked the initial concerns. Paolo Ardoino, the Chief Technology Officer (CTO) at Bitfinex, clarified that the event was not a transaction but an attempted exploit of the “Partial Payments” feature in the XRP Ledger. This revelation came as a relief to many in the crypto community, given the potential implications of such a large movement of XRP.
In a follow-up statement, Whale Alert also admitted to the mistake, stating, “There was an issue with properly reading the Ripple node response, resulting in a few wrong posts. We fixed the issue.” Adding to this, Ardoino shed more light on the situation. He remarked, “Someone attempted to attack Bitfinex via ‘Partial Payments Exploit’. The attack failed since Bitfinex properly handles the ‘delivered_amount’ data field.”
Ripple CTO Clarifies The Incident
Schwartz, known as “JoelKatz” online, provided further clarification on the incident. Contrary to some claims that the partial payment was a security flaw of the XRP Ledger (XRPL), he clarified that the ‘billions of XRP moved’ statement is misleading.
“The actual amount transferred was worth just a few cents. Kudos to Bitfinex and Paolo Ardoino for effectively neutralizing an exploit attempt. What happened here isn’t a flaw or vulnerability with the XRP Ledger. The Partial Payments feature is a standard and secure financial tool,” the Ripple CTO explained.
He further highlighted that Bitfinex handled the exploit attempt properly, which is why they were able to prevent any potential issue. “Today’s thwart is a strong reminder to all institutions and applications – the importance of proper configuration and integration cannot be understated,” Schwartz stressed.
He also directed users to a resource for secure integration with the XRPL’s Proper Payments feature, available at https://xrpl.org/partial-payments.html. The website explains the functionality and potential risks associated with Partial Payments, emphasizing the importance of understanding the delivered_amount metadata field versus the Amount field in a transaction.
The document outlines the differences between transactions with and without the Partial Payment flag. For standard payments, the “Amount” field specifies the exact amount to be delivered, while in partial payments, this field indicates a maximum amount, with the transaction succeeding even if only a portion of the intended value is sent. This functionality, while useful in certain scenarios, can be exploited in poorly integrated systems, leading to potential losses.
At press time, XRP traded at $0.57306.