Monero wallet vulnerability allowed Hackers to steal XMR from exchanges

The privacy-centric cryptocurrency Monero was subject to a minor cybersecurity threat. Bug bounty hunter Jason Rhineland disclosed that the exploit may be currently in progress.

According to sources, “inventive” hackers could create virtual transaction data by simply copying a line of code from Monero’s wallet – which is open-sourced and accessible to everyone. The hackers can easily manipulate the volume shown by the wallet while enabling transactions between addresses.

Approving dodgy transactions was made very easy by multiplying the amount of XMR shown by each additional line. Later hackers can demand transactions from the exchanges to be processed immediately and can claim a huge total amount than the actual amount sent for confirmation.

The researcher revealed in the disclosure, “An attacker could exploit this repeatedly to siphon of all of the exchange’s balance.”

Reports say that the vulnerability also affected other Monero-based cryptocurrencies, that utilize variations of the CryptoNote protocol to function sufficiently.

See also: Coinbase adds new plugin; Bitcoin, Ethereum, Litecoin, Bitcoin Cash Reach Millions of web Stores

Victim to the Bug: Altex Exchange

The developers fixed the issue for Monero within no time but an exchange named Altex which was affected posted the issue on Twitter make its users know that hackers had used the security flaw to their advantage. The Altex team wrote,

“We have been experiencing issues with two of our listed coins (they were still affected by the double-counting bug recently found in the Monero codebase, even after updating the software). That bug caused a big loss in coins for the exchange and we have put our main currency under maintenance so the people who exploited the bug can no longer withdraw… We will suspend trading for now and keep writing updates on our twitter. We are trying to resolve this situation ASAP, we hope you understand.”

After the investigation, the exchange faced this issue from early July. The exchange tweeted,

“Every CryptoNote based coin is currently under maintenance while we wait on the coin developers to update/fix their wallet because of the recent bug discovered.”

Image via Shutterstock

Be the first to comment

Leave a Reply

Your email address will not be published.


*