XRP Targeted in Partial Payment Exploit

Published on Unknown by Cryptovest Staff

The Beaxy exchange closed XRP trading after noticing rogue activity in the XRP/BTC pair.

Exchanges carrying XRP may have been hit with an exploit, affecting the Beaxy exchange most heavily. A day after the exchange halted the XRP/BTC pair, the nature of the exploit has been identified, and Beaxy promised it would roll back the trades.

Beaxy identified the problem as a “partial payment exploit”, a possibility granted by the approach to integrating the XRP digital ledger with the exchange.

Partial payments are natural to the XRP distributed ledger, as a mechanism for faster transactions. The exploit is well-known, and exchanges have been pre-warned to be aware of the integration with the XRP ledger:

“If a financial institution's integration with the XRP Ledger assumes that the Amount field of a Payment is always the full amount delivered, malicious actors may be able to exploit that assumption to steal money from the institution. This exploit can be used against gateways, exchanges, or merchants as long as those institutions' software does not process partial payments correctly,” explained XRP experts.

The Beaxy exchange is performing full KYC, so the operator is aware of the identities of the traders involved. In the past, the partial payment exploit has been used against small and obscure exchanges, seeking weaknesses in integration.

While Beaxy may reverse the trades, there are indicators that the exploiters managed to move BTC off the exchange. While the trading attack lasted, funds were moved to address 1 and address 2, presumably belonging to the hackers. More than 46 BTC may have been taken away in the attack. At the same time, the XRP distributed ledger showed multiple partial-payment transactions targeted at the exchange.

The news failed to affect the XRP price, which is already rather stagnant. XRP continued to hover around $0.29, and stagnant around 2,600 Satoshi despite some short-term volatility. The Beaxy exchange was relatively small, and prevented a larger attack. However, the known exploit also shows the need for expertise and attention when using XRP, as the distributed ledger poses danger to smaller entities that may lack the resources for proper integration.