Monero Developers Have Just Disclosed Nine Bugs In The Code

The Monero team has reportedly disclosed nine vulnerabilities that are present in the code.

One of these has allowed hackers to steal crypto from exchanges, says The Next Web.

Accepting fake deposits for an XMR account

Until back in March, rogue Monero miners were hypothetically able to create “specifically-crafted” blocks in order to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.

“It is our belief that this can be exploited to steal money from exchanges,” said security researchers in their initial HackerOne report. They were eventually awarded 45 XMR ($4,100) for their huge efforts.

A critical severity

The online publication mentioned above said that five DoS attack vectors were also disclosed, with one labeled “critical” severity.

They also mention a flaw related to CryptoNote – the application layer that’s used for Monero to increase transactional privacy.

This flaw could have seen hackers take Monero nodes down are request massive amounts of blockchain data from the network.

Andrey Sabelnikov, who discovered the bug, told Hard Fork: “If you have quite a big blockchain (with long history like Monero […]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks.”

“Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumptions, which is typical of Linux systems,” he added.

You can read more data in their original article.

Other than this, Monero was recently the news again after it was highlighted that the listing on the Voyager app would boost the price of the privacy-centered coin and will bring more stability.

There was also a recent interview with MoneroTalk, during which Riccardo Spagni and Howard Chu have talked about various topics that are surrounding the coin.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *