
Privacy-based altcoin Monero (XMR) has revealed a number of different security flaws, which could have enabled hackers to steal cryptocurrency from exchanges.

The damning revelations are the latest embarrassment for Monero. The flaws could hypothetically have allowed rogue miners to force fake transactions, which could ultimately have seen users lose funds stored on cryptocurrency exchanges.

Security researchers from HackerOne identified the flaws, which are described in a report on the vulnerabilities published on its website.

According to the report on the HackerOne site, the most serious of the vulnerabilities was obvious and easy to exploit:

“The vulnerability is not very hard to describe. According to current verification rules in the daemon, it is perfectly fine to have a zero amount in the miner transaction (besides the real, non-zero amount). It is also perfectly fine to have RCT signatures and they of course will not be checked. On the other hand, there is code in the wallet that basically says ‘if the amount is zero, decode the amount from RCT’.

“So to exploit the vulnerability an attacker will need to modify the daemon to create blocktemplates with zero amount in the miner tx, with a valid-enough RCT signatures so the amount will decode. The attacker will need to mine a block directly to an exchange wallet. Most exchanges identify their users by payment id. Including the said field in miner tx is not available functionality. While this seems to be trivial to implement, it was not attempted by us.”

The bugs were discovered several months ago, and eight out of nine of the vulnerabilities flagged have already been patched. While there are no reports of these vulnerabilities being exploited in the wild, it is nevertheless a serious cause for concern for Monero users.
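The mismatch the report describes, between what the daemon verifies and what the wallet trusts, can be shown with a simplified model. This is an added example, not Monero's code or the actual patch: the `Output` and `Tx` structs, the function names, the sample amounts and the hardened rule are all assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <vector>

// Simplified model, not Monero's code: rct_amount stands in for an amount
// that decodes from RingCT data attached to the output.
struct Output {
    uint64_t clear_amount;  // 0 for outputs that do not state an amount
    bool has_rct;           // true if RCT data decodes to a value
    uint64_t rct_amount;    // the decoded value (unverified for miner txs)
};
struct Tx {
    bool is_miner_tx;
    std::vector<Output> outputs;
};

// Daemon rule per the report: zero-amount outputs are fine in a miner tx and
// RCT data is not checked. Assumption: only clear amounts are compared to the reward.
bool daemon_accepts_miner_tx(const Tx& tx, uint64_t reward) {
    uint64_t sum = 0;
    for (const Output& o : tx.outputs) sum += o.clear_amount;
    return tx.is_miner_tx && sum <= reward;
}

// Wallet rule per the report: "if the amount is zero, decode the amount from RCT".
uint64_t wallet_credit_vulnerable(const Tx& tx) {
    uint64_t credited = 0;
    for (const Output& o : tx.outputs)
        credited += (o.clear_amount == 0 && o.has_rct) ? o.rct_amount : o.clear_amount;
    return credited;
}

// One possible hardening (assumption, not the actual patch): never trust
// RCT-decoded amounts on a miner tx, since the daemon did not verify them.
uint64_t wallet_credit_hardened(const Tx& tx) {
    uint64_t credited = 0;
    for (const Output& o : tx.outputs) {
        bool use_rct = !tx.is_miner_tx && o.clear_amount == 0 && o.has_rct;
        credited += use_rct ? o.rct_amount : o.clear_amount;
    }
    return credited;
}

// Constructed sample: a real reward of 600 units plus a zero-amount output
// whose unverified RCT data decodes to 1,000,000 units.
Tx sample_miner_tx() {
    return Tx{true, {Output{600, false, 0}, Output{0, true, 1000000}}};
}

int main() {
    Tx tx = sample_miner_tx();
    std::cout << daemon_accepts_miner_tx(tx, 600) << ' '
              << wallet_credit_vulnerable(tx) << ' ' << wallet_credit_hardened(tx) << '\n';
}
```

The general lesson for exchange and wallet integrations is that any value a wallet credits must come from data the consensus layer has actually validated.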

The bugs follow similar discoveries in 2018, when a security flaw was uncovered which allowed XMR to be slowly stolen from cryptocurrency wallets and exchanges in concerted hacks.

At the time, security researchers said this was an example of the kind of critical bugs that can be expected in cryptocurrencies like SegWitCoin (BTC) and Monero, with the technology still very much in its infancy.
