Monero's developers have emitted their second software bug postmortem examination in a month – this time for a flaw miscreants could have exploited to burn through exchanges' digital cash.
The organization behind the XMR cryptocurrency – favored by some crypto-jackers as well as legitimate netizens – explained on Tuesday the details behind a programming blunder first highlighted on the Monero subreddit last week.
It centers on the concept of a stealth wallet address, to which funds can be sent while the recipient is kept secret. As Team Monero explained:
Practically speaking this bug is exploited as follows. An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange's hot wallet) are sent to the same stealth address.
Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR.
The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.
Now, we're assured the system would have prevented these bonus coins from being used or exchanged as they would be detected as a double spend – meaning one of the XMR transactions would go through and be spent, and the rest would be stuck in limbo. It would have potentially drained exchanges' wallets by invalidating their coins, though.
Hence the name, "burning bug" – it would have burned exchanges' money piles, had it been exploited.
"A determined attacker could burn the funds of an organization's wallet whilst merely losing network transaction fees. They, however, do not accrue direct monetary gains," Team Monero explained.
"In sum, a bug in the wallet software allowed a determined attacker to cause significant damage to organizations present in the Monero ecosystem with minimal cost."
The bug was fixed in this source code pull request, and we're told since the bug affected exchanges rather than being written into the protocol, the supply of coins isn't affected. Exchanges ingested the fix ahead of Tuesday's public disclosure to thwart attacks against this particular oversight.
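The check the exchange's wallet was missing can be sketched as follows. This is an added example, not Monero's code or the fix in the pull request; `Output`, `naive_credit`, `credit_deposits`, the sample data and the policy of counting the largest output per stealth address are all assumptions made for illustration.

```python
from dataclasses import dataclass

ATOMIC = 10**12  # atomic units per 1 XMR

@dataclass(frozen=True)
class Output:
    txid: str          # constructed placeholder id
    stealth_addr: str  # one-time address the output was sent to
    amount: int        # atomic units

def naive_credit(outputs):
    """Pre-fix behaviour described above: every received output is credited."""
    return sum(o.amount for o in outputs)

def credit_deposits(outputs):
    """Credit at most one output per stealth address; report the rest.

    Outputs sharing a stealth address can be spent only once, so this
    example counts the largest one (a policy assumed here) and flags the
    others as burnt.
    """
    kept = {}     # stealth_addr -> Output currently counted
    alerts = []   # (burnt Output, Output that stays counted)
    for out in outputs:
        cur = kept.get(out.stealth_addr)
        if cur is None:
            kept[out.stealth_addr] = out
        elif out.amount > cur.amount:
            kept[out.stealth_addr] = out   # larger output supersedes
            alerts.append((cur, out))
        else:
            alerts.append((out, cur))
    return sum(o.amount for o in kept.values()), alerts

def sample_deposits():
    """Constructed data: 1,000 x 1 XMR to one reused address, plus one honest 3 XMR."""
    reused = [Output(f"tx{i:04d}", "STEALTH_REUSED", ATOMIC) for i in range(1000)]
    return reused + [Output("tx_honest", "STEALTH_UNIQUE", 3 * ATOMIC)]

if __name__ == "__main__":
    deposits = sample_deposits()
    total, alerts = credit_deposits(deposits)
    print("naive credit :", naive_credit(deposits) // ATOMIC, "XMR")
    print("safe credit  :", total // ATOMIC, "XMR")
    print("burnt outputs:", len(alerts))
```

Each alert pairs a burnt output with the one that remains counted, so an operator can trace which deposits were affected before any balance is credited.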
It's the second critical bug Monero has taken public this month. On September 5, the team outlined a multiple counting bug in the cryptocurrency. It manifested in two forms: the code failed to check for duplicate public keys; and the code didn't include “a check against dummy transaction public keys”, meaning an attacker could “trick the wallet into scanning the outputs in a transaction twice.”
Meanwhile, the Bitcoin world has similarly just got over a big bad bug... ®