Monero Security Issues Could Have Been Exploited To Steal XMR

by Simon Briggs

Monero, known in the crypto space as a privacy-orientated cryptocurrency, went into “emergency” mode, handling nine vulnerabilities in XMR’s code. One of the issues opened a back-door for hackers to steal Monero tokens from various exchange platforms.

The main issue, a possible Monero theft, is claimed to be caused as a result of miners being able to bypass securities and make fake transaction blocks in various XMR accounts. HackerOne researchers quickly noted the flaw and stated that “the setup may be used to drain cash from exchanges, with XMR coins not being present in the account. The researchers received a bounty of 45 XMR (around $4,100 at the time of the transaction).

The other eight vulnerabilities include five DoS attack possibilities, with one of them, labeled as “critical” in its nature.

Monero’s privacy efforts lead to lessened security – the implementation of CryptoNote, a privacy app layer, resulted in a flaw enabling users to maliciously requesting vast amounts of data from Monero’s blockchain. The result, according to the flaw discoverer, Andrey Sabelnikov, big blockchains like Monero can be easily manipulated with a flaw like this. Users can request all block data from a single node in the chain. The request allocated tremendous amounts of resources and operational systems like Linux, on which most of the nodes are based, will shut down the node due to memory demand and consumption.

The 9 flaws of Monero were not an issue that caused for the very first time immediate actions to be taken by Monero`s developers. Their development team had only four months to fix eight of the nine bugs before releasing the new version of Monero (ver. 0.14.1.0) and hit XMR’s blockchain in June. The good news – there are no reports or evidence of malicious activities as a result of the flaws.

In 2018 Monero suffered from a bug, allowing hackers to drain funds from XMR wallets on the Monero’s blockchain. The flaws show that the technology is still new, but with time it will improve stability and security features.