In a post released on their website on Tuesday, the developers of Monero say they were able to patch a potentially serious bug that would have allowed malicious users to 'burn' cryptocurrency exchange deposits.
This burning would be achieved by users flooding the same stealth address with multiple payments, effectively rendering the funds in the account unusable, because after the initial request all other requests would be rejected as suspicious.
The only thing the malicious user would lose is transaction fees paid to whatever exchange the wallet they're attacking is a part of.
"The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization's wallet whilst merely losing network transaction fees."
Because of the way a key image is generated when sending Monero, multiple requests would result in multiple, identical key images, causing every subsequent transaction to be rejected.
An attacker would do this by modifying the code to use the same private transaction key every time, which generates duplicate public keys and causes the system to reject the transactions after the first.
"An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality, the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR."
According to Monero's report, the bug was discovered after a community member described this attack hypothetically.
Once the Monero dev team saw the danger in this bug and that it could actually be exploited, they issued a patch and notified as many merchants, exchanges, and services using Monero as they could so that those parties could install it.
Monero says that while some damage was done, the bug has not affected the protocol or the coin supply.
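The missing wallet check described above can be sketched as follows. This is an added example, not Monero's code or its actual patch: SHA-256 stands in for the curve arithmetic, and the function names and sample deposits are constructed for illustration.

```python
import hashlib
from collections import namedtuple

Output = namedtuple("Output", "txid one_time_key amount")

def h(*parts):
    """SHA-256 stand-in for Monero's curve operations (toy model only)."""
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def one_time_key(tx_key, address, index=0):
    # Toy stealth-address derivation: a function of the sender's transaction
    # key, the recipient address and the output index, and nothing else.
    return h("stealth", tx_key, address, str(index))

def key_image(output_key):
    # Toy key image: fixed by the one-time key, so equal keys give equal images.
    return h("image", output_key)

def scan(outputs):
    """Credit each one-time key once; report repeats as burnt outputs."""
    seen, credited, burnt = {}, 0, []
    for out in outputs:
        if out.one_time_key in seen:
            burnt.append(out)          # same key image as an earlier output
        else:
            seen[out.one_time_key] = out.txid
            credited += out.amount
    return credited, burnt

def sample_deposits(address="EXCHANGE_ADDR"):
    # Constructed data: 1000 deposits of 1 XMR built with one reused tx key,
    # followed by one ordinary deposit that uses a fresh tx key.
    reused = one_time_key("reused-tx-key", address)
    outs = [Output(f"tx{i:04d}", reused, 1) for i in range(1000)]
    outs.append(Output("tx1000", one_time_key("fresh-tx-key", address), 5))
    return outs

if __name__ == "__main__":
    deposits = sample_deposits()
    naive = sum(o.amount for o in deposits)
    credited, burnt = scan(deposits)
    print(f"naive credit: {naive} XMR, spendable credit: {credited} XMR")
    print(f"WARNING: {len(burnt)} burnt outputs, first in {burnt[0].txid}")
```

A wallet that credits by summing amounts reports 1005 XMR here, while only 6 XMR can ever be spent, which is the gap an exchange needs to see before crediting a customer.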
Monero Patches 'Burning Bug'
Published on Sep 26, 2018
by Cryptoslate | Published on Coinage