Today, reports highlight another security vulnerability within Monero XMR, a cryptocurrency designed for optimal privacy. Now we already know about the associations between Monero and the malicious mining, but this marks another example of how XMR traders and investors have been put at risk, simply because of the currency markup.
Before continuing, I will highlight that this vulnerability has been resolved.
Reports state that hackers used XRM to create fake transaction data that could be sent to staff exchange to trick them and credit hacker accounts with additional XMR tokens, tokens that do not. The vulnerability that allowed it existed within Monero's Wallet, an open source portfolio that allowed the manipulation of transaction addresses. When new lines are added to the code, the amount of XRM in the transaction is multiplied, making it appear that the transaction is worth much more than it actually is.
According to The Next Web:
"Each additional row multiplied the amount of XMR shown – which made the deceptive support staff to approve unsafe transactions much simpler, so hackers could call exchanges and request that the transactions be processed immediately – requesting in total the total amount originally sent for confirmation.Another disturbing detail is that it seems that the error is extended to other Monero coins. notes that the attackers were able to steal ARQ coins – a tough Monero fork – from the wallet of the Altex exchange counter. "
See more for yourself, here .
Hack and theft are problematic in private currencies, so what is their point of view?
The idea of a coin for privacy is to allow users to maintain complete anonymity, but in turn allows criminals and hackers to hide behind these masks too. The risk of attack can be reduced by making the currency less private but, in turn, the single point of sale is lost, so a solution is almost impossible to find. For Monero specifically, these vulnerabilities mean that data has the potential to be exposed, which in turn reduces the "privacy" of the network. Coins are not so private, if a hacker can manipulate your assets, right?
Therefore, surely it is useful to reduce privacy in an attempt to improve security?