A “Partial Vulnerability” in XRP Ledger Leaves 7 Million XRP Exposed, As Bitrue Explains the “Bug”


Vulnerabilities leave exchanges open to potential theft and fraud, and Bitrue just found a vulnerability with the XRP Ledger that led to the loss of millions of XRP. What happened? How can exchanges keep the same thing from happening again?

  • Taiwan exchange loses 7 million XRP due to improperly processing a partial payment on the XRP Ledger.
  • Bitrue tweets guidance on the correct way to submit partial payments.

Investigating any blockchain-based ledger for potential vulnerabilities is the easiest way for a firm to understand exactly what it needs to change, if anything. In a recent investigation by Bitrue, a “partial payment vulnerability” was found in the XRP Ledger.

While this may sound like an insignificant finding to some, the bug paved the way for a hacker to use the problem to their advantage.

A tweet by Bitrue explained that BitoPro, an exchange in Taiwan that only just integrated XRP trading, handled a partial payment improperly. In doing so, they left themselves exposed to a hacker, who faked a deposit. The loss for BitoPro was approximately 7 million XRP.

To demonstrate exactly how this impacted users, the exchange used the image below. In this transaction, a user said that 330,000 XRP was sent, but the actual amount provided was 0.003255 XRP.

https://ambcrypto.sfo2.digitaloceanspaces.com/2019/05/1-590x354.png

The exchange continued with their example, showing exactly how this mistake can be made by exchanges that have XRP listed on their platform.

In the tweet, the exchange explained that most platforms are unaware that a “partial payment” can exist, so they use the “Amount” parameter to record the payment. Instead, the parameter they need to record is “DeliveredAmount.”

https://ambcrypto.sfo2.digitaloceanspaces.com/2019/05/D5k4_GlWAAML9ND-768x394.jpg
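The check described above, as an added example that is not code from Bitrue, BitoPro or the article. It assumes the transaction is a dict shaped like a rippled `tx` response (`validated`, `meta.TransactionResult`, `meta.delivered_amount`); the function names, the address placeholder and the sample transaction are constructed, using the figures quoted above.

```python
from decimal import Decimal

TF_PARTIAL_PAYMENT = 0x00020000      # Payment flag: may deliver less than Amount
DROPS_PER_XRP = Decimal(1_000_000)   # XRP amounts on the ledger are strings of drops

def naive_credit(tx):
    """The mistake described above: trusts the sender-chosen Amount field."""
    return Decimal(tx["Amount"]) / DROPS_PER_XRP

def safe_credit(tx, our_address):
    """XRP to credit for an incoming Payment; 0 means do not credit automatically."""
    meta = tx.get("meta", {})
    if not tx.get("validated") or meta.get("TransactionResult") != "tesSUCCESS":
        return Decimal(0)
    if tx.get("TransactionType") != "Payment" or tx.get("Destination") != our_address:
        return Decimal(0)
    delivered = meta.get("delivered_amount", meta.get("DeliveredAmount"))
    if delivered is None:
        if tx.get("Flags", 0) & TF_PARTIAL_PAYMENT:
            return Decimal(0)        # partial payment without a delivered figure
        delivered = tx["Amount"]     # ordinary payment: Amount is what arrived
    if not isinstance(delivered, str) or not delivered.isdigit():
        return Decimal(0)            # issued-currency object or "unavailable"
    return Decimal(delivered) / DROPS_PER_XRP

# Constructed sample using the figures quoted in the article.
EXCHANGE = "rExampleExchangeHotWallet"   # placeholder, not a real address
SAMPLE_TX = {
    "TransactionType": "Payment",
    "Destination": EXCHANGE,
    "Amount": "330000000000",            # 330,000 XRP claimed
    "Flags": TF_PARTIAL_PAYMENT,
    "validated": True,
    "meta": {"TransactionResult": "tesSUCCESS",
             "delivered_amount": "3255"},  # 0.003255 XRP actually delivered
}

if __name__ == "__main__":
    print("naive:", naive_credit(SAMPLE_TX))
    print("safe: ", safe_credit(SAMPLE_TX, EXCHANGE))
```

A return value of 0 from `safe_credit` is meant to route the deposit to manual review rather than to discard it.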

For further information, the company tweeted two links that users can follow.

With the BitoPro attack, Bitrue managed to find the address that created the issue, which was activated within their own platform. From March 8th until now, the company states that 148 have taken place, but Bitrue's detection system was too advanced to be fooled.

The creator of the XRP Tip Bot, Wietse Wind, commented on this matter, explaining that the user tested all exchanges, and confirmed that the attacker’s account came from Bitrue.

Bitcoin Exchange Guide