On Wednesday, news of a 213 million XRP exploit shocked the Ripple community amid speculation of a breach in the payment firm's security. Later details provided by Ripple executives clarified that the company did not manage the compromised accounts.
In a recent development, leading crypto exchange Binance has identified and frozen part of the stolen funds.
Partial Recovery Of The Stolen XRP
As previously reported, news about a possible hack on addresses associated with Ripple made headlines and sent XRP’s price plummeting to $0.5070. Later that day, Chris Larsen, Ripple’s co-founder, confirmed on the X platform (formerly known as Twitter) that unauthorized access to some of his accounts had occurred the day prior, clarifying that Ripple wallets were secured and that law enforcement had already been notified.
According to crypto detective ZachXBT, the attack took approximately $112.5 million worth of XRP tokens from the compromised wallets. The stolen tokens were sent through several exchanges, including Binance.
On February 1, Binance CEO Richard Teng announced on the X platform that part of the stolen funds had been successfully identified and frozen by the exchange’s team. Although the recovery is important, it accounts for a small fraction of the stolen tokens, as only $4.2 million worth of XRP has been recovered so far.
After finding out early on about the exploit that occurred at @Ripple, we’re happy to say that the #Binance team has managed to freeze $4.2 Million worth of $XRP stolen by the exploiter.
We appreciate both the communities’ efforts in flagging it to exchanges – as always @zachxbt…
— Richard Teng (@_RichardTeng) February 1, 2024
Teng informed the community that the Ripple and Binance teams are collaborating. The crypto exchange will continue supporting the payment company in the investigation to retrieve the stolen funds.
Additionally, they will closely monitor the funds in the exploiter’s external wallets in case they are deposited to Binance. The exchange’s CEO took the opportunity to thank both communities for their efforts in identifying and warning the parties involved, encouraging users and projects to reach out to the Binance team in instances like this.
Are “Irresponsible” Exchanges Preferred By Exploiters?
Thomas Silkjær, Head of Analytics and Compliance at the XRP Ledger Foundation, thanked Binance’s CEO for the team’s quick and responsible action but considered the post’s wording “a bit ambiguous.”
Thank you for acting quickly and responsibly.
This tweet is a bit ambiguous.
1) The compromised accounts are personal accounts of @chrislarsensf – not an exploit at @Ripple
2) The initial investigation was done by @XRPLF and initiated as it was happening – not carelessly…
— Thomas Silkjær (@Silkjaer) February 1, 2024
Silkjær remarked that the compromised accounts were personal wallets of Ripple’s co-founder instead of an exploit at Ripple. He also explained that the XRP Ledger Foundation did a complete handover of the data to Ripple as the firm is now leading the investigation for Larsen.
Answering a question from Neil Hartner, a Senior Staff Software Engineer at Ripple, Silkjær provided some insight into the first steps of an exploit investigation, explaining that exchanges don’t have a systematic way to share and broadcast fraud incidents. He explained:
Not completely systemic, but through networks it’s possible to act quickly to many threats. Such as the Crypto Defenders Alliance (CDA). Over time you develop great relationships, and it is evident through these relationships who the responsible and irresponsible exchanges are.
Regarding the possibility of publicly identifying “irresponsible exchanges” and whether it would benefit exploiters, Silkjær stated that “they don’t necessarily care” as their Modus Operandi (MO) doesn’t take into consideration whether the exchanges are responsible or irresponsible.
Typical MO of these people are (in simple terms):
– Deposit to multiple exchanges, exchange, withdraw.
– Continue until they freeze your account. So small amounts first, then larger and larger amounts as confidence is built.
So they don’t necessarily care.
At the time of writing, only Binance has announced the identification and subsequent freezing of part of the stolen funds. ZachXBT previously identified six other exchanges the exploiters used to send the funds, including MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc.