Bitfinex suffered minor phishing attack

tabas

hero member

Activity: 3024

Merit: 745

Top Crypto Casino

Quote from: Z-tight on January 18, 2024, 06:13:17 AM

Quote from: Darker45 on January 17, 2024, 08:03:36 PM

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

To be honest i don't fully understand how the 'partial payments exploit' works, i read the articles on this story but i don't fully understand how an attacker can use it to attack the xrp ledger network. However, i was also curious when i read what you just wrote above, that the sender didn't have enough liquidity to carry out the exploit and that is why it failed, but then again they also said that:

I'm also confused as how it did happened and noting that the hacker was unlucky for that reason. But it seems that there's more to this failed attempt as per the article of Cointelegraph, it also said that the hacker attempted to do it as well with Binance and also failed.
So, IMO, it's not about luck or what not because what happened is that the hacker literally failed with the attempt and these exchanges should give us more of technical on how did it happened but if they don't that's fine. With some description about the attempt, it's like that the hacker after exploiting will do small transfers first for testing and see if it passes through the system of withdrawal. That's the easiest understanding that I've taken from what I've read.

Z-tight

legendary

Activity: 994

Merit: 1089

Quote from: Darker45 on January 17, 2024, 08:03:36 PM

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

To be honest i don't fully understand how the 'partial payments exploit' works, i read the articles on this story but i don't fully understand how an attacker can use it to attack the xrp ledger network. However, i was also curious when i read what you just wrote above, that the sender didn't have enough liquidity to carry out the exploit and that is why it failed, but then again they also said that:

Quote

Ardoino, however, noted the attack failed as “Bitfinex properly handles the ‘delivered_amount’ data field.

Everything that happened is not so clear to me, and i would appreciate if someone can explain how this exploit explicitly works and how the exchange was able to stop it.

Darker45

legendary

Activity: 2576

Merit: 1860

Quote from: mich on January 16, 2024, 01:14:57 AM

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

I would have disagreed and wouldn't think that it was mere luck that prevented the attack. Bitfinex had already been a victim of a costly hack in the past. It had also suffered other attacks since then. So, they must have learned lessons and invested more on security.

But when I read the article, I wondered whether it was indeed just luck. It simply mentioned that "the attempt failed because the sender didn't have enough money to carry out the transactions". But what if the sender had that money? Does it mean the attack would have been successful?

Potato Chips

hero member

Activity: 2786

Merit: 902

yesssir! 🫡

Quote from: mich on January 16, 2024, 01:14:57 AM

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

The failed attack comes from the XRP ledger. https://coinpaprika.com/news/hacker-s-attempt-to-steal-15-billion-in-xrp/

While luck may have played a part on this one as well, I think for the most part, it's because they did a good job -- but please don't let this create a false sense of security on you though haha. After all, it's a custodial platform at the end of the day.

Quote from: https://cointelegraph.com/news/unknown-wallet-xrp-transfer-bitfinex-partial-payments-exploit

A partial payments exploit works by assuming a company has an improperly configured system that only reads the amount field of an XRP transaction, which is set to a high amount.

In reality, the exploiter sends over a much smaller amount specified in another transaction field and aims to receive credit for the difference.

Ardoino, however, noted the attack failed as “Bitfinex properly handles the ‘delivered_amount’ data field.

Other exchanges should take note of this exploit as well because apparently, they did this with binance too and thankfully failed hence, it wouldn't be odd to think the perps will try this again on other exchanges.

Quote

According to blockchain data, the attacker also tried an attack on Binance with a 58.9 billion XRP transfer, which similarly failed.

On another note, next time I think it would be better to create another thread for this Cheesy

Husires

legendary

Activity: 1596

Merit: 1288

Quote from: mich on January 16, 2024, 01:14:57 AM

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

The failed attack comes from the XRP ledger. https://coinpaprika.com/news/hacker-s-attempt-to-steal-15-billion-in-xrp/

It is difficult to trust a service that has been hacked several times, whether on the part of the financial system, which is responsible for deposit and withdrawal transactions, or for user data, which is supposed to be stored independently and encrypted with a second layer. This is an invention of the entire security system of the platform, which must be the answer to it. It is to give full details of the attack, change the payment system, and prove that the platform has become secure, not to say that the attack failed.

Z-tight

legendary

Activity: 994

Merit: 1089

Quote from: mich on January 16, 2024, 01:14:57 AM

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

They were indeed very lucky, it is interesting to read how the attacker almost succeeded in exploiting the exchange through their 'partial payments' feature, one that has to do with the xrp ledger network. If the attacker was successful, almost $15 billion would have been stolen, and who knows what would have happened next for the exchange and also the industry. This is another warning to people who store their funds in centralized exchanges that they should move it into their self custody, before it is too late.

mich

legendary

Activity: 3122

Merit: 1032

#1 VIP Crypto Casino

Well now Bitfinex was lucky this time. CEO of Bitfinex Paolo Ardoino says there was a hacker that tried to steal $15 Billion of XRP but he did fail to do it.

The failed attack comes from the XRP ledger. https://coinpaprika.com/news/hacker-s-attempt-to-steal-15-billion-in-xrp/

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

It was a test hacking effort that used to measure how weak the front door's "waiters" was to break through, this meant their customer support was too easy to fool (the door was found).
While they are busy investigating, the attacker will probably come again in a new way but through the same door.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Quote from: Tytanowy Janusz on November 06, 2023, 02:45:28 AM

Quote from: albert0bsd on November 05, 2023, 02:26:25 PM

BTW Bitfinex is still in operation? WTF, Nobody should trust in a hacked CEX

Just because the exchange has been hacked doesn't mean it's not worth using. The key is how it behaved towards its clients at the time of the hack. Whether it passed on the losses to customers or not. Kucoin lost 300 million and no customer lost even a cent. Even Binance was hacked some time ago.

The exchange will take the side that the affected will not be covered by the customer, they usually have prepared funds when the hack occurs so that the customer's funds are safe.
It is difficult to tell them not to use CEX even though CEX has been hacked but customers will not leave maybe because in CEX there is their livelihood there.
Continue to read the article above says the affected are "Empty or inactive" empty in the sense that there is no balance in the customer's account and inactive users who have not used their accounts in several years?

It's still hard to believe if hackers have managed to penetrate the system and then they don't get any money in it.

dzungmobile

sr. member

Activity: 854

Merit: 424

I stand with Ukraine!

Quote from: KiaKia on November 06, 2023, 09:45:45 AM

This exchange is one of the worst old crypto exchanges, their reputation sucks I don't see why anyone should use the exchange, we still have strong exchange reviews online and Bitfinex is the most worst one, even the likes of Bitget which is new is way better.

Bitfinex used to be a leading exchange and they gave leading signal of Bitcoin price but I agree they lost their position to other exchanges. No longer belongs to most trusted, Tier 1 exchange but it does not belong to worst exchange listt. To say they are worst exchange, damn it is not true but there are many exchanges to choose and use.

Use for trading only as use any exchange and consider your account on exchanges as a personal wallet to store your Bitcoin or cryptocurrency is not smart, security wise.

KiaKia

sr. member

Activity: 728

Merit: 388

DGbet.fun - Crypto Sportsbook

This exchange is one of the worst old crypto exchanges, their reputation sucks I don't see why anyone should use the exchange, we still have strong exchange reviews online and Bitfinex is the most worst one, even the likes of Bitget which is new is way better.

This is what happen when a platform messed up and they decide to avoid cleaning up their mess, people don't ever forget, if you do well with your customers they will still trust you and maybe one day return, only very few exchanges got hacked and they compensate their customers for the mess they created.

I don't encourage trusting any crypto exchange but Binance became the first on every other exchanges for some reasons, they don't joke with customers, they take responsibility for everything and they make sure that no one says anything bad about the exchange, every other crypto exchanges need to learn from them.

JunaidAzizi

sr. member

Activity: 658

Merit: 283

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: ImThour on November 05, 2023, 11:00:51 AM

Just happened, according to the Bitfinex team, they will notify all the users who are affected by this.
Hacker was able to access "partial, incomplete and stale information" of the users, according to the press release by the company.

Yeah, the crypto exchange Bitfinix was attacked by hacker or hackers through a phishing strategy. They did not know whether it was a single hacker or a group of hackers that attacked this exchange. They called it a minor attack and at the beginning, they said that the hacker did not get access to the database center or users' passwords or accounts but after that, they said that most of the accounts were hacked and the hacked accounts were mostly inactive or empty.

I don't know how the hackers attacked a big exchange that worked from 2012 just on inactive or empty accounts or if the exchange hid the truth. For your security, I recommend shifting your funds from that exchange to some other exchange for some time when things are fixed then using it again.

Tytanowy Janusz

legendary

Activity: 2156

Merit: 1622

Quote from: tbct_mt2 on November 06, 2023, 09:05:31 AM

Thank you for mentioning Kucoin exchange. When they were hacked, they were not a big exchange like now.

I think they were in top 5 in terms of real trading volume, just like they are now. The size of the hack kinda proves that. 300 million of lost customer funds, which was called the second largest hack in the history of crypto, which was second only to MtGox and beat number 3 on the list 6 times. But mtgox went bankrupt, taking with it the rest of the customers' funds (the hack itself could be a scam), kucoin coped and continues to operate.

tbct_mt2

hero member

Activity: 2366

Merit: 838

Quote from: Tytanowy Janusz on November 06, 2023, 02:45:28 AM

Just because the exchange has been hacked doesn't mean it's not worth using. The key is how it behaved towards its clients at the time of the hack. Whether it passed on the losses to customers or not. Kucoin lost 300 million and no customer lost even a cent. Even Binance was hacked some time ago.

Their reputation can be built by hacks and how they compensate their users after hacks. I knew about Poloniex in the past got hack but they compensated their users fairly and became a biggest cryptocurrency. They lost that position to Bittrex because of poor infrastructure expansion to satisfy massive user explosion in 2017 but it could be their dirty games to kill their users in margin through lag times too. Bittrex later lost their position to Binance and I believe you knew all about that.

Thank you for mentioning Kucoin exchange. When they were hacked, they were not a big exchange like now.

Twentyonepaylots

sr. member

Activity: 1932

Merit: 370

Quote from: alani123 on November 05, 2023, 02:51:47 PM

I wonder why anyone would trade on Bitfinex still...

Probably non-affected users will still continue to use the platform, until they get affected by the attacks which is quite inevitable for an exchange that has a history of such event.

Quote from: alani123 on November 05, 2023, 02:51:47 PM

It's one of the exchanges with the worst reputation and historically have wronged so many people. At this point it wouldn't be too unlikely that it's just a frond for Tether and their unauthorized printing of fake USDT for money laundering.

Been reading some articles about this exchange, and news and it happened several times. I wonder how they are still getting new users of the platform, wouldn't this news should be enough to wake up their clients?
Let's see how they are going to manage this phishing attacks, and how would they compensate the affected users. I hope they would do a full-compensation plus some promo for disruption and inconvenience.

Aanuoluwatofunmi

sr. member

Activity: 798

Merit: 436

Quote from: ImThour on November 05, 2023, 11:00:51 AM

https://www.theblock.co/post/261561/bitfinex-suffered-minor-phishing-attack-will-notify-affected-users

Just happened, according to the Bitfinex team, they will notify all the users who are affected by this.
Hacker was able to access "partial, incomplete and stale information" of the users, according to the press release by the company.

Bitfinex is not a good option for use to use as an excha, i believe this should be well known by an average bitcoiner by understanding the difference between custodial and non custodial wallets, secondly, if there's a phishing attack, it is the magnitude to how far they have launched the attack is what we can consider as being big or small, there's nothing like partial physhing attack, if they attack then they strike, if they attempts but didn't strike through means an incomplete or unsuccessful attempt, not your keys not your coins, avoid centralized exchanges, if the worst should happened, there's nothing the team can do im restoring back people's assets.

fuguebtc

hero member

Activity: 1974

Merit: 539

Leading Crypto Sports Betting & Casino Platform

Quote from: alani123 on November 05, 2023, 02:51:47 PM

I wonder why anyone would trade on Bitfinex still... It's one of the exchanges with the worst reputation and historically have wronged so many people. At this point it wouldn't be too unlikely that it's just a frond for Tether and their unauthorized printing of fake USDT for money laundering.

I don't use Bitfinex, but have they been hacked before and caused damage to users? One thing I see is that Bitfinex is also a favorite exchange platform for sharks. Some news I have read and learned is that whales in the market often use Bitfinex or coinbase to sell assets rather than Binance or OKX. So I think maybe they are another big exchange besides Binance or OKB.

As for them printing USDT, we don't have any evidence for that so it's hard to say. If they were actually laundering money or doing something illegal, would law enforcement cover them up?

DapanasFruit

member

Activity: 1218

Merit: 49

Binance #Smart World Global Token

I am not so familiar with Bitfinex...all I know is that this is an exchange platform and has the same parent company that released and managed USDT or Tether. Obviously, many people - most especially on this forum - do not believe that Bitfinex is a good exchange worth dealing with. I do not have an account in Bitfinex and I don't have any plan to open one. Having experienced an unfortunate hacking, this is telling us that it is one of the many showing weakness which was exploited by professional hackers all just waiting for the right time to illicitly come in. Let's hope that eventually no users can lost any fund and that Bitfinex is going to learn many big lessons of this incident.

knowngunman

sr. member

Activity: 798

Merit: 364

Quote from: albert0bsd on November 05, 2023, 02:26:25 PM

I think that there is no such thing like a minor phishing attack, maybe the impact of such attack was minor... but a single phishing attack can compromise all the company.

BTW Bitfinex is still in operation? WTF, Nobody should trust in a hacked CEX, not even a CEX that was victing of two idiots like The Crocodile of Wall Street and her husband
“Crocodile of Wall Street” and her husband plead guilty to giant-sized cryptocrimes

I haven't use the exchange before but judging from the few comments under this thread so far, it seems they have no more reputation to keep or protect. However, even a minor phishing attack can have major repercussions. Phishing attack may be term minor in terms of the damage it causes but it's still a serious threat to any company who care about it reputation even if the phishing attack only affects a small number of people because it can have a major impact on the company's reputation and trust. If an exchange is known for having a history of phishing attacks, people may be less likely to do business with them. But is there need to notify the affected users? Hope they'll compensated?

Tytanowy Janusz

legendary

Activity: 2156

Merit: 1622

Quote from: albert0bsd on November 05, 2023, 02:26:25 PM

BTW Bitfinex is still in operation? WTF, Nobody should trust in a hacked CEX

Just because the exchange has been hacked doesn't mean it's not worth using. The key is how it behaved towards its clients at the time of the hack. Whether it passed on the losses to customers or not. Kucoin lost 300 million and no customer lost even a cent. Even Binance was hacked some time ago.

Topic: Bitfinex suffered minor phishing attack (Read 267 times)