UPDATED 20:46 EST / SEPTEMBER 25 2018


Serious bug in Monero allowed theft from cryptocurrency exchanges

In a case of potential irony given that Monero is the favored cryptocurrency of hackers worldwide, a recently discovered bug in its code could have allowed bad actors to obtain funds from exchanges illegally.

Described as a “burning bug,” the vulnerability potentially allowed a user to deliberately “burn” Monero, also known as XMR, by sending multiple payments to the same stealth address.

As CCN explained, when a person sends such payments, the recipient would have been able to spend one output (the wallet automatically uses the largest output first), but funds sent through subsequent transactions would have been rendered unspendable. That’s because these transactions would have resulted in duplicate key images, which the network would have rejected as suspected double-spend attacks.

In a blog post, the Monero developer explained that “because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1,000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable/burnt outputs of 1 XMR.”
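The check the quoted passage says the exchange wallet lacked can be sketched as follows. This is an added example, not Monero's patch or wallet code; the `Output` record, its field names and the sample deposits are constructed, and the stealth address is treated as an opaque hex string.

```python
from collections import defaultdict
from dataclasses import dataclass

ATOMIC_PER_XMR = 10**12  # 1 XMR = 1e12 atomic units


@dataclass(frozen=True)
class Output:
    txid: str          # constructed transaction id
    stealth_addr: str  # one-time output public key, hex (constructed)
    amount: int        # atomic units


def naive_credit(outputs):
    """What a wallet with no duplicate check credits: every output."""
    return sum(o.amount for o in outputs)


def audit_deposits(outputs):
    """Group outputs by stealth address; only one output per address is
    spendable, since all of them share a key image. Returns
    (spendable_total, burnt_outputs, reused_addresses)."""
    by_addr = defaultdict(list)
    for o in outputs:
        by_addr[o.stealth_addr].append(o)

    spendable, burnt, reused = 0, [], []
    for addr, group in by_addr.items():
        # The wallet spends the largest output first; ties keep the earliest.
        keep = max(group, key=lambda o: o.amount)
        spendable += keep.amount
        rest = [o for o in group if o is not keep]
        if rest:
            reused.append(addr)
            burnt.extend(rest)
    return spendable, burnt, reused


# Constructed deposits: 1,000 outputs of 1 XMR to one stealth address,
# plus one ordinary 5 XMR deposit to a distinct address.
DEPOSITS = [Output(f"tx{i:04d}", "aa" * 32, ATOMIC_PER_XMR) for i in range(1000)]
DEPOSITS.append(Output("tx1000", "bb" * 32, 5 * ATOMIC_PER_XMR))

if __name__ == "__main__":
    ok, burnt, reused = audit_deposits(DEPOSITS)
    print("naive credit :", naive_credit(DEPOSITS) // ATOMIC_PER_XMR, "XMR")
    print("spendable    :", ok // ATOMIC_PER_XMR, "XMR")
    print("burnt outputs:", len(burnt), "on", len(reused), "reused address(es)")
```

An exchange would credit the customer only the spendable total and hold any deposit that appears in the burnt list for review.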

Although the bug has been rectified, with a patch offered to exchanges, the fact that it existed to begin with may have caused Monero some longer-term damage.

According to Unhashed, Bittrex, Poloniex, Cryptopia and XMR.to all suspended trading in Monero as news of the vulnerability became known. Trading has returned on most of those exchanges, but bigger exchanges now take a dim view of risky cryptocurrencies.

Bittrex delisted Bitcoin Gold earlier this month after a hack, and a quick glance through its history shows it has delisted other cryptocurrencies as well.

Monero, which is gaining lots of government attention thanks to its use by hackers and other bad actors, is already a risky cryptocurrency for licensed exchanges to handle. Bad press such as this bug is not going to help its cause.
