Monero Devs Patch Bug Allowing Attackers to ‘Burn’ Cryptocurrency Exchange Deposits


The developers of privacy-centric cryptocurrency monero have patched a bug that would have allowed an attacker to cause significant damage to cryptocurrency exchanges and XMR-friendly merchants.

Now-Patched Monero Bug Put Cryptocurrency Exchanges, Merchants at Risk

Addressed through a software patch privately distributed to exchanges and merchants and later publicly disclosed through a post-mortem on the project’s website, the bug would have allowed a user to deliberately “burn” XMR by sending multiple payments to the same stealth address. While the recipient would have been able to spend one output (the wallet automatically uses the largest output first), funds sent through subsequent transactions would have been rendered unspendable, since these transactions would have resulted in duplicate key images that would have been rejected by the network as suspected double spend attacks.

A determined attacker could have exploited this bug by sending a series of payments to a single stealth address belonging to a cryptocurrency exchange or merchant. Specifically, the bug was found in the monero wallet software, which did not screen for this particular abnormality. Consequently, the receiving wallet would not have flagged these transactions as problematic and would have credited the deposit or marked the invoice as paid.
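
The missing check described above, as an added example (not code from the article and not the Monero project's patch): a deposit processor groups received outputs by stealth address and credits only the largest output per address, flagging the rest as unspendable. The `Output` record, the function names and the sample values are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Output:
    txid: str
    stealth_address: str  # one-time output key the payment was sent to
    amount: int           # atomic units


def split_outputs(outputs):
    """Return (spendable, burnt) lists of received outputs.

    Outputs sharing a stealth address yield the same key image, so the
    network accepts a spend of only one of them. The largest is kept as
    spendable; every other output to that address is treated as burnt.
    """
    by_address = defaultdict(list)
    for out in outputs:
        by_address[out.stealth_address].append(out)

    spendable, burnt = [], []
    for group in by_address.values():
        ranked = sorted(group, key=lambda o: o.amount, reverse=True)
        spendable.append(ranked[0])
        burnt.extend(ranked[1:])
    return spendable, burnt


def naive_credit(outputs):
    """What an unscreened wallet would credit: every received output."""
    return sum(o.amount for o in outputs)


def safe_credit(outputs):
    """Credit only what can actually be spent later."""
    spendable, _ = split_outputs(outputs)
    return sum(o.amount for o in spendable)


# Constructed sample: three deposits reuse stealth address "P_a".
SAMPLE = [
    Output("tx1", "P_a", 1_000),
    Output("tx2", "P_a", 5_000),
    Output("tx3", "P_a", 2_000),
    Output("tx4", "P_b", 3_000),
]

if __name__ == "__main__":
    _, burnt = split_outputs(SAMPLE)
    print("naive:", naive_credit(SAMPLE), "safe:", safe_credit(SAMPLE))
    print("flag for review:", [o.txid for o in burnt])
```

The gap between `naive_credit` and `safe_credit` is the amount an exchange would have credited to the depositor without ever being able to spend it.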

In the case of an exploit executed against an exchange, the attacker would have been able to trade the full deposit for other cryptocurrencies and withdraw them to an external wallet. However, when the exchange operator attempted to include the deposited funds in a future transaction, they would only have been able to spend the largest output. And though the attacker would not have received a direct material benefit, they could have, for the price of network transaction fees, caused the exchange, and by extension traders holding funds on the platform, to lose a massive amount of funds.

If deployed on a large enough scale, the exploit could have indirectly benefited the attacker by reducing the effective monero supply, i.e. the amount of spendable XMR, thereby theoretically increasing the value of each spendable coin relative to the cryptocurrency’s market cap.

Notably, the basic structure of the exploit had been known for quite some time. However, it was only recently that, spurred by a discussion on the XMR subreddit, developers identified that the bug could be meaningfully exploited to the detriment of cryptocurrency exchanges, merchants, and other organizations.

Disclosure of the bug has not had a noticeable effect on the monero price. Currently trading at $114, XMR is down 3 percent for the day while most other large-cap altcoins are down at least 5 percent.

More Code Review Needed in Cryptocurrency Ecosystem

Reflecting on the process used to disclose the bug and privately circulate the patch to vulnerable organizations, community moderator dEBRUYNE acknowledged that the methods used were less than ideal but noted that the community has not yet implemented a better vulnerability reporting protocol.

From the post:

“I (and others) privately notified as many exchanges, services, and merchants as possible with the (private) patch that had to be applied on top of the v0.12.3.0 release branch. To reiterate (from the previous post mortem blog), this is clearly not the preferred method, as it (i) invariably excludes organizations that I (and others) personally do not have contact with, but are an essential part of the Monero ecosystem and (ii) may invoke a view of preferential treatment. However, there had only been limited time to improve the vulnerability report process.”

Later in the post, dEBRUYNE called for more developers to participate in XMR code review to prevent similar incidents from occurring in the future, adding that “this event is again an effective reminder that cryptocurrency and the corresponding software are still in its infancy and thus quite prone to (critical) bugs.”

Indeed, not even bitcoin is immune from such incidents. As CCN reported, BTC developers recently patched a vulnerability that, if exploited, would have allowed miners to effectively print new coins, artificially inflating the cryptocurrency’s supply.
