The developers behind the privacy-based cryptocurrency monitor (XMR), currently the tenth largest digital asset, have announced they have solved a serious vulnerability. If detected by hackers, the bug could have caused significant damage to cryptographic exchanges and online merchants, accepting payments in XMR.
Reportedly, the bug was discovered after a community member described a hypothetical attack subreddit of monero. It has been found that lying in the wallet software could potentially allow a user to "burn" XMR by sending multiple payments to the same stealth address. For those who do not know the term, the stealth address is a payment proxy, adding an additional level of privacy. By sending the cryptography, the user can transfer it to an invisible address, which then redirects the funds to the desired address.
The official blog post shed light on how the vulnerability could be exploited, saying that "An attacker first generates a random private transaction key." Next, they modify the code to simply use this particular private transaction key, which ensures that multiple transactions at the same public address (for example, the hot wallet of an exchange) are sent to the same stealth address, after which they send, for example, a thousand transactions of 1 XMR to an exchange. of this particular abnormality (ie the funds received on the same stealth address), the exchange, as usual, will credit the attacker with 1000 XMR. "
Basically, after sending an XMR token a thousand times, the attacker receives an equivalent amount of another encryption, such as BTC. The exchange, executed on a defective Monero code, would have replied to all 1000 transactions with bitcoins, but later would have validated only the first transaction and invalidated the rest of the funds after the expiry of the invisible addresses.
This could have caused huge losses to the exchanges, but fortunately the Monero developers have already implemented a correction, releasing the patch v.0.12.3.0 earlier today. The bug did not affect the XMR protocol or the supply of coins.
It is not the first time that Monero is the subject of controversy. The anonymous digital currency has long been favored by hackers and other bad actors and we have already done so reported that malicious XMR mining software was detected on Apple Mac computers at the start of this year.
However, even the powerful bitcoin is not safe against similar incidents. Last week, the developers of BTC they have reported to detect a bug that would allow malicious miners to artificially inflate the bitcoin supply through a double-shopping transaction.
Image source: "Flickr"
I have been following the encrypted markets since mid-2017, just in time to witness the incredible growth of the digital goods industry. Fascinated by the potential of blockchain technology I started digging deeper and that's how I ended up meeting the Toshi Times team. I have a degree in Political Science, so the development of cryptography is particularly interesting for me. I'm also very involved with music, managing my label, a YouTube channel and working with the distribution. People call blockchain the "fourth industrial revolution" and I think it will change our daily lives over the next few years and we will have front row seats to witness it.