QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$0 USD
OCTOBER 2014
GLOBAL
RIPPLE TRADE
DESCRIPTION OF EVENTS
"Launched in 2012, Ripple aims to support instant cross-border payments through its network and gateways. These gateways can be integrated by financial institutions, several of which have joined the network or have explored doing so over the past two years."
"Ripple Trade is one of Ripple Labs' recent additions to its suite of services." "The Ripple Trade client is an open-source GUI for the Ripple network that facilitates the peer-to-peer exchange of any store of value. It’s the only platform where you can trade between stores of value spanning fiat, cryptocurrencies, commodities, and unusual assets like pre-1965 silver dimes." "Ripple Trade [was] available at www.rippletrade.com."
"The exchange Ripple Trade allowed users to trade between fiat and the digital currency." "According to its website, the platform facilitates the trading of hundreds of assets including fiat currencies, and gold. It was intended to be the most direct and economical venue to acquire Ripple’s XRP currency." "There are no trading fees." "Accounts [we]re fully activated via deposits of Bitcoin or XRP."
"The service goes a step further to decentralize its model with its unique credentials and logins procedure. It does not act as trusted custodian to manage login credentials, and does not offer a mechanism of recovery should you forget your password. Instead, it displays a one-time secret key, which should be recorded and stored in a safe place. The key acts as a backup to unlock your account."
"A network-wide weakness in how both Ripple and Stellar communicated transactions was exploited by an unknown third-party to deposit false IOUs through Ripple/Stellar to [Ripple Trade]. These were consequently withdrawn to their own payment networks as native currencies." "RippleTrade.com was affected until Oct 9th."
"The current problem appears to have come from the tfPartialPayment function unique to the Ripple paradigm. Both Stellar and Ripple require a “special trust” in certain nodes that leave those nodes vulnerable to attack." "When the tfPartialPayment flag is enabled, the Amount field is not guaranteed to be the amount received. In fact, there is no minimum guaranteed amount that a partial payment actually delivers." "The problem was noticed by users on the Justcoin exchange on October 8, 2014 when one of the team members noticed a large, and unusual, digital transaction. Once Justcoin noticed the transaction, they immediately shut down the entire site to protect the assets and immediately informed both Stellar and Ripple Labs of the potential problem." "Total value is ~150k USD in XRP and STR. Stolen assets are 100% trackable with limited exit points, mostly still in 1 account?"
"The event is relatively easy to explain. Ripple has many features for their users but they also have many others that have not been implemented and a few that are not even known to many outside developers, which could be why Ripple Labs did not notice this particularly strange transaction." "Perhaps this is why Ripple/Stellar developers and users did not notice a special transaction flag called tfPartialPayment. It’s poorly documented and not used by any wallet software. It’s like receiving a 100 USD bill with a little note in the corner that says “Actually just worth 1 USD”."
"The transaction was for 1,000 BTC but if anyone checked the Meta - it showed that only 0.001 BTC had actually been sent. Upon tracking back, it appeared that the sender did not even have 1,000 BTC to send to anyone so basically it appeared as if the hacker was trying to fool someone into thinking that they had actually sent the thousand Bitcoins when they actually only sent a tiny amount. The problem arose, however, when the transaction actually went through. So far Ripple has said it fixed the bug on October 9 on RippleTrade and Stellar also appears to have fixed the bug but Ripple.com/graph does not appear to have been fixed as yet."
"[The failure] is caused by a feature that is poorly documented and has been present in both Ripple and Stellar for a long time. Other gateways, exchanges and native transaction explorers have also been affected. It is also documented that the security vulnerability has been known by the network developers for at least 2 months without any kind of explicit and direct warning to affected gateways and other services."
"Stellar is reporting that their nodes have been patched and tfPartialPayment has been permanently removed and RippleTrade is also reporting that it has been patched along with several of its exchanges as well." "RippleTrade.com was patched on October 9th."
"This week, we learned of an issue related to a payment setting feature known as “partial payments” that existed in the legacy code base of the Stellar protocol. As it exists in the Ripple code base, partial payments allow a user to send a small part of a payment rather than the entire payment. For example, the sender could tell the anchor that s/he was sending 10 BTC while actually only sending .0001 BTC. This feature is rarely, if ever, used in practice. Normally, an anchor must check the “Amount” field to determine how much they received as it is the only field returned. However, in the case of a partial payment transaction, the “DeliveredAmount” field appears and the anchor must check the “DeliveredAmount” field instead. If an anchor or other entity is unaware of this setting, it could result in loss of funds."
"In 2014, the [Ripple] currency had continued its operations to become a bank-to-bank model involving itself with many institutions and also following regulatory policy. At the end of the year, the gateway XRP users had used in the past to sell the token for fiat, called Ripple Trade, has now revealed its own policy towards its users. The platform would require verified identification in order to operate its system. This had created quite a stir in the decentralized community as sell-offs started occurring again, dropping the token's value."
"Ripple has added a small notice on its Ripple Trade website stating that the company encourages its existing users to verify their identity details before August 30, 2015. Identity verification is optional until the deadline and existing users can continue to trade with their unverified accounts until the deadline. It also mentioned that the company is pausing all account signups until further notice." "RippleTrade [started] requiring a government issued ID and other personal information October 31 2015."
"Thanks to the recent crackdown by the US Financial Crimes Enforcement Network (FinCEN), Ripple was slapped with a $700,000 fine for non-compliance of regulations while operating as a money services business and selling its virtual currency. FinCEN had found that the parent company of Ripple Labs — XRP II, LLC had willfully violated the Banking Secrecy Act by not implementing an effective Anti-Money Laundering (AML) program. Since the enforcement drive, Ripple has suspended all new signups on Ripple Trade."
“We are discontinuing operations of rippletrade.com.” ~ Ripple Support
“Thus, in the best interest of the Ripple ecosystem, we are discontinuing support for Ripple Trade in early 2016. The exact date is to be determined as we’re focused right now on providing a smooth transition to new wallets and gateway services for Ripple Trade customers.” ~ Ripple Support
"Ripple has set up an "optimal migration path" for users to move their holdings from Ripple Trade to GateHub. Alternatively, they can make a manual transfer to external wallets."
"US-based users have until January 13 to migrate their funds through a gateway or to another wallet provider, after which the funds will no longer be accessible. Users based outside of the US will have longer; an exact deadline for them is yet to be determined."
The Ripple Trade platform served as one of the primary gateways for users to bridge between the Ripple cryptocurrency and various fiat currencies or other asset-backed currencies. In 2014, the Ripple and Stellar blockchains supported a feature called "partial payment", which allowed the sender to deliver only part of a payment while the transaction's Amount field still showed the full amount. The feature was not properly documented, and some platforms, including Ripple Trade, were vulnerable because they credited customers the full amount instead of the smaller amount actually delivered. It appears that a fix was introduced on the Ripple Trade platform before the issue could be exploited. The feature has since been disabled on both the Ripple and Stellar blockchains. Ripple Trade was later discontinued due to money laundering concerns.
HOW COULD THIS HAVE BEEN PREVENTED?
There are many methods of resolving this. The first is additional review of the platform's security, and in particular of how deposits are credited to accounts. A second is security around withdrawals: blocking them when the balances in the wallet fail to match what is expected. The third is a reduction in the size of the hot wallet, which limits the exposure. And finally, an industry insurance fund could cover any remaining events.
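The deposit-crediting check that the quoted sources describe (the Amount field is only a ceiling when tfPartialPayment is set; the metadata's DeliveredAmount is what actually arrived) and the "how deposits are credited" review suggested above, written out as an added example in JavaScript. This is not ripple-client's or Ripple Trade's code; the tfPartialPayment flag value 0x00020000 is the real XRP Ledger value, while the transaction objects and the issuer address are constructed samples.

```javascript
// XRP Ledger Payment flag meaning "deliver whatever the paths allow".
const TF_PARTIAL_PAYMENT = 0x00020000;

// Normalise an XRPL amount: XRP is a string of drops, IOUs are objects.
function parseAmount(a) {
  if (typeof a === "string") return { currency: "XRP", value: Number(a) / 1e6 };
  return { currency: a.currency, issuer: a.issuer, value: Number(a.value) };
}

// Vulnerable crediting: trusts tx.Amount, which for a partial payment can be
// far larger than what was delivered (1,000 BTC claimed, 0.001 BTC delivered).
function creditedAmountNaive(tx) {
  return parseAmount(tx.Amount);
}

// Hardened crediting: only successful Payments count, DeliveredAmount from the
// metadata wins when present, and a partial payment without it is not credited.
function creditedAmountSafe(tx) {
  const meta = tx.meta || {};
  if (tx.TransactionType !== "Payment") return null;
  if (meta.TransactionResult !== "tesSUCCESS") return null;
  if (meta.DeliveredAmount !== undefined) return parseAmount(meta.DeliveredAmount);
  if ((tx.Flags & TF_PARTIAL_PAYMENT) !== 0) return null; // ambiguous: refuse
  return parseAmount(tx.Amount);
}

// Constructed sample (issuer is a placeholder): the incident's shape, a
// 1,000 BTC IOU "payment" that actually delivered 0.001 BTC.
const SAMPLE_PARTIAL = {
  TransactionType: "Payment",
  Flags: TF_PARTIAL_PAYMENT,
  Amount: { currency: "BTC", issuer: "rISSUER_PLACEHOLDER", value: "1000" },
  meta: {
    TransactionResult: "tesSUCCESS",
    DeliveredAmount: { currency: "BTC", issuer: "rISSUER_PLACEHOLDER", value: "0.001" },
  },
};

// Constructed sample: an ordinary 25 XRP payment (25,000,000 drops).
const SAMPLE_FULL = {
  TransactionType: "Payment",
  Flags: 0,
  Amount: "25000000",
  meta: { TransactionResult: "tesSUCCESS" },
};

console.log(creditedAmountNaive(SAMPLE_PARTIAL).value); // 1000
console.log(creditedAmountSafe(SAMPLE_PARTIAL).value); // 0.001
console.log(creditedAmountSafe(SAMPLE_FULL).value); // 25
```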
Stellar and Ripple Hacked: Justcoin to the Rescue (Mar 26)
Email from Justcoin about their hacking - General Discussion - XRPtalk (May 15)
https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac (May 15)
Ripple Forum • View topic - justcoin blog:Partial Payments: Ripple/Stellar vulnerability (May 15)
Removal of Partial Payments - SDF Blog (May 15)
RippleTrade.com alternative? : Ripple (Jun 9)
'So Wait - Is Ripple Centralized After All?' | Bitcoinist.com (Jun 12)
Now that RippleTrade will shut down, what alt Wallets will be good for XRP? : Ripple (Jun 12)
Ripple Trade Closing, Replaced With Wallet and Trading Portal GateHub | Finance Magnates (Jun 12)
Ripple Trade to Require ID in Compliance Shift (Jun 12)
GitHub - ripple/ripple-client: A UI for the Ripple payment network built using web technologies (Jun 12)
Ripple Labs Quietly Suspends New Signups on Ripple Trade (Jun 12)
https://fortune.com/2015/07/09/ripple-halts-new-accounts/ (Jun 12)
https://nagamarkets.com/news-and-analysis/articles/how-to-trade-ripple (Jun 12)
[TASK] Jsonrewriter: Check DeliveredAmount when creating transaction.… · ripple/ripple-client@80c1771 · GitHub (Jun 12)
XRP Ledger Explorer - XRPSCAN (Jun 12)
