The study showed that the Monero transactions, despite their intricacies, cannot be called completely anonymous. The specialists managed to establish the regularity by which data about addresses and the sum of coins are mixed.
Since Monero declares to be completely secure, private and untraceable, this statement is being continuously challenged. It’s always been a race between hackers and developers. This time a bug was found in their network. Such news was reported by the users themselves.
In response, the development team quickly released a patch – it had to remove the bug, which allowed hackers to “burn” coins from the company’s accounts, losing a portion of the coins to pay for the transaction commission.
A burning bug
According to the official statement from the cryptocurrency company, this bug was found immediately after one of the members of the community in details described the hypothetical possibility of conducting a hacker attack on the network of the Monero coin (XMR), on one of the branches of the Reddit imageboard.
Judging by the description, during the attack, vendors and organizations using the XMR network might suffer. In turn, this would allow the hacker to inflict substantial damage to the cryptocurrency.
Here’s how the process of the possible attack was explained:
“The hacker first generates a random private key for the transaction, then he modifies the code to use it instead of the original one. With the modified code, the hacker can perform a number of identical transactions on one public address, for example, on a hot wallet of some crypto exchange. Transactions will also be copied to the stealth address.
Then, the hacker makes a thousand similar transactions on one XMR coin on this wallet but using the same coin. However, the hot wallet of the exchange does not handle such anomalous transactions – the program does not care if the coins are copied to the stealth address. As a result, a crypto exchange does not count 1 XMR coin, but a thousand.”
Monero and Vulnerability
Despite the seeming advantage of such an event, in Monero it is disputed. They say that the hacker could not have made any profit from the sale of these coins unless it was a hidden benefit.
However, after the attack, the hacker could not sell, but exchange XMR for other coins. For example, on BTC. And to sell BTC.
As a result, after such manipulations, the crypto exchange would receive 999 “burnt” coin of a single XMR. In other words, 999 empty copies of one coin that can not be sold.
In addition, we recall that the bug had no effect on the coin distribution protocol. The development team has already created and enabled the hotfix for this code. Monero developers reported the latest news on the official XMR-coin page on Twitter:
“We appeal to all crypto exchanges, services, vendors and other organizations present in the Monero ecosystem. If you have not yet received or installed the patch, please note that you need to do this in any case. 13.0.0-RC1 checks for a patched version of the client. ”
Since Monero declares complete privacy and the “inability to track” the transactions of its coin, it was most often used to commit illegal activities in the cryptocurrency sector.
As previously reported, this month, cybercriminals managed to steal a large amount of XMR coins from users of the Google Chrome browser. For this, hackers cracked the MEGA plugin.