Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges

Privacy-focused altcoin Monero has suddenly disclosed nine security vulnerabilities, including one that could have allowed hackers to steal XMR from cryptocurrency exchanges.

Until March, rogue Monero miners were hypothetically able to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.

“It is our belief that this can be exploited to steal money from exchanges,” said security researchers in their initial HackerOne report. They were eventually awarded 45 XMR ($4,100) for their efforts.

Five DoS attack vectors were also disclosed, with one labeled “critical” severity.

[Image: Monero’s recent HackerOne activity]

Another flaw related specifically to CryptoNote, an application layer used by Monero to increase transactional privacy. This flaw could’ve seen bad actors take Monero nodes down by maliciously requesting large amounts of blockchain data from the network.

Andrey Sabelnikov, who discovered the bug, told Hard Fork: “If you have quite a big blockchain (with long history like Monero […]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks.”

“Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumption, which is typical of Linux systems,” he added.

Sabelnikov warned there could be other cryptocurrency projects relying on CryptoNote that are similarly susceptible to these attacks.

[Image: Devs discuss when best to disclose the CryptoNote bug]

Monero software was also found to have been leaking “uninitiated” memory to untrusted network peers. This kind of memory reportedly could have included sensitive material (such as cryptographic or other similarly private data).

Emerging crypto software like Monero is going to have bugs

The bulk of these bugs was submitted roughly four months ago. Eight vulnerabilities have since been patched, while one remains almost entirely undisclosed. The reports appear to be timed to coincide with the release of Monero version in June. 

It should be noted that most of these flaws were described as “proof of concepts.” At pixel time, there have been no reports of these bugs being exploited in the wild.

Last year, a bug in Monero wallet software was found that would have allowed XMR to be drained from wallets (owned by cryptocurrency exchanges, for example) in targeted attacks.

At the time, devs warned its discovery should remind the public that cryptocurrency (and related software) is still in its infancy, and that it’s very much prone to critical bugs, so I guess we should consider ourselves reminded, nine more times.

Published July 4, 2019 — 15:18 UTC
