Share this article
In Failed Bitfinex Exploit Attempt, Billions in XRP Moved
The failed token transfers spooked some market watchers as they amounted to nearly half of XRP’s $30 billion market capitalization.
Updated Mar 8, 2024, 7:57 p.m. Published Jan 15, 2024, 6:48 a.m.
A feature of the XRP Ledger network was used in an unsuccessful exploit attempt on prominent crypto exchange Bitfinex, chief technology officer Paolo Ardoino confirmed in an X post on Monday.
Nearly $15 billion worth of XRP were flagged by on-chain service WhaleAlerts to be moved in an apparent transaction early Monday – amounting to nearly half of the token’s $31 billion market capitalization.
STORY CONTINUES BELOW
But the actual transfer was just for a few cents worth of XRP, and failed as the sender “did not have enough liquidity,” blockchain data from the transaction shows.
This tweet is misleading. The transaction in question did not transfer 25B XRP.
— 𝙽 𝙸 𝙺 𝙱 (@nbougalis) January 14, 2024
The @whale_alert code is misunderstanding what this transaction did and, as a result, it is misreporting.
It’s a partial payment, and in reality moved just a few cents. See https://t.co/co4sMIIesO
The motive was to seemingly trick Bitfinex into taking the transfer as real, which could have possibly opened the door to a hack. However, Bitfinex’s systems flagged the transfers as a “partial payment,” an XRP Ledger feature that allows a payment to succeed by reducing the amount received.
“Someone attempted to attack @bitfinex via “Partial Payments Exploit”, Ardoino said on X. “Attack failed since Bitfinex properly handles 'delivered_amount’ data field.”
Partial payments are useful for returning payments without incurring additional costs to oneself. These are a known attack vector, XRP Ledger transactional documents show.
“If a financial institution’s integration with the XRP Ledger assumes that the Amount field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution,” the documents state.
“The malicious actor withdraws as much of the balance as possible to another system before the vulnerable institution notices the discrepancy.”
Security risks remain a huge concern in the broader cryptocurrency market. In 2023, users lost nearly $2 billion to scams, rug pulls and hacks.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
NFT Project Pudgy Penguins Takes Over Las Vegas Sphere in Holiday Campaign
The NFT brand’s animated segments will air on the Sphere across Christmas week, signaling the crypto company's move into real-world consumer markets.
What to know:
- Pudgy Penguins will run an ad campaign at the Las Vegas Sphere during Christmas week, one of the few crypto brands to secure a spot at the high-profile venue.
- The NFT project, which launched on Ethereum in 2021, has expanded into physical toys and digital gaming as part of a broader consumer push.
- Pudgy Penguins briefly overtook Bored Apes in floor price earlier this year and recently launched its PENGU token on Solana, now trading on major exchanges.
Top Stories
