Monero bugs could have exposed users to XMR theft
The damning revelations are the latest embarrassment for Monero, allowing rogue miners to hypothetically force fake transactions which could ultimately have seen users lose funds stored on cryptocurrency exchanges.
Security researchers from HackerOne identified the flaws, described in a report into the vulnerabilities published on its website.
According to the report on the HackerOne site, the most serious of the vulnerabilities was obvious and easy to exploit:
“The vulnerability is not very hard to describe. According to current verification rules in the daemon, it is perfectly fine to have a zero amount in the miner transaction (besides the real, non-zero amount). It is also perfectly fine to have RCT signatures and they of course will not be checked. On the other hand, there is code in the wallet that basically says “if the amount is zero, decode the amount from RCT”.
“So to exploit the vulnerability an attacker will need to modify the daemon to create blocktemplates with zero amount in the miner tx, with a valid-enough RCT signatures so the amount will decode. The attacker will need to mine a block directly to an exchange wallet. Most exchanges identify their users by payment id. Including the said field in miner tx is not available functionality. While this seems to be trivial to implement, it was not attempted by us.”
The bugs were discovered several months ago, and eight out of nine of the vulnerabilities flagged have already been patched. While there are no reports of these vulnerabilities being exploited in the wild, it is nevertheless a serious cause for concern for Monero users.
The bugs follow similar discoveries in 2018, when a security flaw was uncovered which allowed XMR to be slowly stolen from cryptocurrency wallets and exchanges in concerted hacks.
At the time, security researchers said this was an example of the kind of critical bugs that can be expected in cryptocurrencies like SegWitCoin (BTC) and Monero, with the technology still very much in its infancy.
To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.