Monero’s critical burning bug fixed; developers say organizations could be at risk mentioned bug.
Monero’s official post stated that there was a bug in the wallet which could be used by attackers to send multiple transactions to the same stealth address, which were a predominant part of Monero’s privacy. They would be used to authorize and request a sender to create random one-time addresses for all the transactions which were done on behalf of the receiver.
According to the post, this could result in attackers intentionally burning the funds of an organization present in Monero’s ecosystem. The funds can be burnt from any wallet without any additional cost except for the network transaction fees. However, the attacker does not have any direct monetary gains but might benefit from the attack indirectly.
Sending multiple transactions to the same stealth address to burn the funds of a user is not something new and there has been recorded evidence of its existence for quite some time. They further stated:
“the consequences of an organization being involved was not thoroughly thought through until a community member described a hypothetical attack on the Monero subreddit”
The Monero community stated that numerous duplicate key images can be generated by sending XMR to an identical stealth address. The network then declines the key image as it is already available on the blockchain and it will be recognized as an effort to double spend.
The official post further stated that attackers modify the code to get access to a particular private transaction key. This allows the stealth address to receive the same multiple transactions sent to the public address. The attacker could then send one thousand transactions of one XMR to any cryptocurrency exchange. Since the exchange wallets are not aware of the particular abnormality they will credit the attacker with 1000 XMR. Thus the cryptocurrency exchanges are left with 999 burnt outputs of 1 XMR.
However, The community confirmed that the bug did not affect Monero’s protocol and the coin supply was not affected. According to a recent post, the Monero [XMR] wallets on major exchanges like Poloniex, Bittrex, Cryptopia, and XMR.to were not functioning. Cryptopia, a major exchange platform also stated that the actions were taken as per the request of the Coin Developer.
The post Monero’s critical burning bug fixed; developers say organizations could be at risk appeared first on AMBCrypto.