The Monero privacy-oriented cryptocurrency has undergone a vulnerability and has resolved it over the past two days.
According to the official blog post, the bug would result in a wallet that does not mark the user when he receives a burned output. This bug would allow an attacker to burn off all the funds of an organization while he is only losing commissions on network transactions. Strangely enough, they do not get any monetary benefit from this activity.
However, the post said: "However, there are probably ways to indirectly benefit from it.The idea of burning funds by sending more transactions to the same stealth address has been documented for quite some time."
Monero as cryptocurrency is quite tempting for bad actors in the cryptocurrency market as it is one of the easiest among mine, among others. The fact that it is quite focused on privacy makes it an ideal currency. It is not possible to look at Monero's portfolios and transactions.
Recently, hackers realized they could extract cryptocurrency from government websites in India and the United States.
A security researcher, Indrajeet Bhuyan told the Economic Times (ET) news portal, "Hackers are pointing to government cryptocurrency websites because these sites receive high traffic and most people trust them. We have seen a lot of government websites being defaced (hacked) Now, the injection of cryptojacker is more fashionable as the hacker can make money ".
Explaining how the bug works, the post said: An attacker first generates a random private transaction key. Next, they modify the code to simply use this particular private transaction key, which ensures that multiple transactions at the same public address (for example, the hot portfolio of an exchange) are sent to the same stealth address. Subsequently, they send, for example, a thousand transactions of 1 XMR to an exchange. Since the exchange portfolio does not warn of this particular abnormality (ie the funds received on the same stealth address), the exchange, as usual, credits the attacker with 1000 XMR.
However, he added that fortunately, the bug did not affect the functionality of the protocol or the provision of tokens.
Did you like what you read? Join us on Telegram