Bitfinex suffered minor phishing attack

[Potato Chips]

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

The failed attack comes from the XRP ledger. https://coinpaprika.com/news/hacker-s-attempt-to-steal-15-billion-in-xrp/

While luck may have played a part on this one as well, I think for the most part, it's because they did a good job -- but please don't let this create a false sense of security on you though haha. After all, it's a custodial platform at the end of the day.

A partial payments exploit works by assuming a company has an improperly configured system that only reads the amount field of an XRP transaction, which is set to a high amount.

In reality, the exploiter sends over a much smaller amount specified in another transaction field and aims to receive credit for the difference.

Ardoino, however, noted the attack failed as “Bitfinex properly handles the ‘delivered_amount’ data field.

Other exchanges should take note of this exploit as well because apparently, they did this with binance too and thankfully failed hence, it wouldn't be odd to think the perps will try this again on other exchanges.

According to blockchain data, the attacker also tried an attack on Binance with a 58.9 billion XRP transfer, which similarly failed.

On another note, next time I think it would be better to create another thread for this

[Darker45]

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

I would have disagreed and wouldn't think that it was mere luck that prevented the attack. Bitfinex had already been a victim of a costly hack in the past. It had also suffered other attacks since then. So, they must have learned lessons and invested more on security.

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

[Z-tight]

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

To be honest i don't fully understand how the 'partial payments exploit' works, i read the articles on this story but i don't fully understand how an attacker can use it to attack the xrp ledger network. However, i was also curious when i read what you just wrote above, that the sender didn't have enough liquidity to carry out the exploit and that is why it failed, but then again they also said that:

Ardoino, however, noted the attack failed as “Bitfinex properly handles the ‘delivered_amount’ data field.

Everything that happened is not so clear to me, and i would appreciate if someone can explain how this exploit explicitly works and how the exchange was able to stop it.

[tabas]

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

To be honest i don't fully understand how the 'partial payments exploit' works, i read the articles on this story but i don't fully understand how an attacker can use it to attack the xrp ledger network. However, i was also curious when i read what you just wrote above, that the sender didn't have enough liquidity to carry out the exploit and that is why it failed, but then again they also said that:

I'm also confused as how it did happened and noting that the hacker was unlucky for that reason. But it seems that there's more to this failed attempt as per the article of Cointelegraph, it also said that the hacker attempted to do it as well with Binance and also failed.
So, IMO, it's not about luck or what not because what happened is that the hacker literally failed with the attempt and these exchanges should give us more of technical on how did it happened but if they don't that's fine. With some description about the attempt, it's like that the hacker after exploiting will do small transfers first for testing and see if it passes through the system of withdrawal. That's the easiest understanding that I've taken from what I've read.