
Privacy-based altcoin Monero (XMR) has revealed a number of different security flaws, which could have enabled hackers to steal cryptocurrency from exchanges.

The damning revelations are the latest embarrassment for Monero: the flaws could hypothetically have allowed rogue miners to force fake transactions, which could ultimately have seen users lose funds stored on cryptocurrency exchanges.

Security researchers from HackerOne identified the flaws, described in a report into the vulnerabilities published on its website.

According to the report on the HackerOne site, the most serious of the vulnerabilities was obvious and easy to exploit:

“The vulnerability is not very hard to describe. According to current verification rules in the daemon, it is perfectly fine to have a zero amount in the miner transaction (besides the real, non-zero amount). It is also perfectly fine to have RCT signatures and they of course will not be checked. On the other hand, there is code in the wallet that basically says ‘if the amount is zero, decode the amount from RCT’.

“So to exploit the vulnerability an attacker will need to modify the daemon to create blocktemplates with zero amount in the miner tx, with a valid-enough RCT signatures so the amount will decode. The attacker will need to mine a block directly to an exchange wallet. Most exchanges identify their users by payment id. Including the said field in miner tx is not available functionality. While this seems to be trivial to implement, it was not attempted by us.”
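The validation mismatch the report describes, reduced to a toy model. This is an added example, not Monero's code and not taken from the HackerOne report: the daemon rule, the `rct_amount` stand-in for RingCT decoding, every name and the sample values are assumptions made for illustration, and the hardened function is one possible mitigation rather than the project's actual patch.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Output:
    amount: int                        # cleartext amount; 0 marks a hidden (RingCT) amount
    rct_amount: Optional[int] = None   # toy stand-in for "what RCT decoding would yield"

@dataclass
class Tx:
    is_miner_tx: bool
    outputs: List[Output]

def daemon_accepts_miner_tx(tx: Tx, block_reward: int) -> bool:
    # Assumed daemon rule: only cleartext amounts are checked against the reward.
    # Zero-amount outputs pass, and any attached RCT data is never verified.
    return tx.is_miner_tx and sum(o.amount for o in tx.outputs) <= block_reward

def wallet_credit_vulnerable(tx: Tx) -> int:
    # "If the amount is zero, decode the amount from RCT", for every transaction.
    return sum(o.rct_amount if o.amount == 0 and o.rct_amount is not None
               else o.amount for o in tx.outputs)

def wallet_credit_hardened(tx: Tx) -> int:
    # Only trust RCT-decoded amounts where the daemon verified the signatures,
    # which in this model means never in a miner transaction.
    total = 0
    for o in tx.outputs:
        hidden = o.amount == 0 and o.rct_amount is not None
        total += o.rct_amount if hidden and not tx.is_miner_tx else o.amount
    return total

# Constructed sample data (atomic units, arbitrary values).
REWARD = 2_000_000
FORGED = Tx(True, [Output(REWARD), Output(0, rct_amount=5_000_000)])
NORMAL = Tx(False, [Output(0, rct_amount=250)])

if __name__ == "__main__":
    print("daemon accepts forged miner tx:", daemon_accepts_miner_tx(FORGED, REWARD))
    print("vulnerable wallet credits:", wallet_credit_vulnerable(FORGED))
    print("hardened wallet credits:  ", wallet_credit_hardened(FORGED))
    print("ordinary RingCT tx credit:", wallet_credit_hardened(NORMAL))
```

The gap between what the daemon validated and what the wallet credits is the signal an exchange can reconcile on: a deposit from a miner transaction should never be worth more than the cleartext amounts consensus checked.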

The bugs were discovered several months ago, and eight out of nine of the vulnerabilities flagged have already been patched. While there are no reports of these vulnerabilities being exploited in the wild, it is nevertheless a serious cause for concern for Monero users.

The bugs follow similar discoveries in 2018, when a security flaw was uncovered which allowed XMR to be slowly stolen from cryptocurrency wallets and exchanges in concerted hacks.

At the time, security researchers said this was an example of the kind of critical bugs that can be expected in cryptocurrencies like SegWitCoin (BTC) and Monero, with the technology still very much in its infancy.
