Monero Patches 'Burning Bug'

Published by Cryptoslate

In a post released on their website on Tuesday, the developers of Monero say they were able to patch a potentially serious bug that would have allowed malicious users to 'burn' cryptocurrency exchange deposits.

This burning would be achieved by users flooding the same stealth address with multiple payments, effectively rendering the funds in the account unusable, because after the initial request all other requests would be rejected as suspicious.

The only thing the malicious user would lose is the transaction fees paid to whichever exchange operates the wallet they are attacking.

"The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization's wallet whilst merely losing network transaction fees."

Because of the way a key image is generated when sending Monero, multiple requests would result in multiple, identical key images, causing every subsequent transaction to be rejected.

An attacker would do this by modifying the code to use the same private transaction key every time, generating duplicate public keys and causing the system to reject every transaction after the first.

"An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality, the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR."

According to Monero's report, the bug was discovered after a community member described this attack hypothetically.

Once the Monero dev team saw that the bug was dangerous and could actually be exploited, they issued a patch and notified as many merchants, exchanges, and services using Monero as they could so that they could install it.

Monero says that while some damage was done, the bug has not affected the protocol or the coin supply.
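The check the article describes as missing can be sketched as a deposit ledger that refuses to credit a second output arriving at a one-time (stealth) public key it has already seen, and records it as burnt instead. This is an added example, not Monero's or the article's code; the `Output` and `DepositLedger` names, the first-seen crediting policy and the sample data are assumptions.

```python
from dataclasses import dataclass, field

PICONERO = 10**12  # atomic units per 1 XMR


@dataclass(frozen=True)
class Output:
    txid: str        # transaction that carried the output
    output_key: str  # one-time (stealth) public key, hex
    amount: int      # atomic units
    account: str     # customer the deposit maps to (hypothetical field)


@dataclass
class DepositLedger:
    seen: dict = field(default_factory=dict)      # output_key -> first Output
    credited: dict = field(default_factory=dict)  # account -> atomic units
    burnt: list = field(default_factory=list)     # (duplicate, first txid)

    def receive(self, out: Output) -> bool:
        """Credit an output unless its one-time key was already received."""
        first = self.seen.get(out.output_key)
        if first is not None:
            # Same one-time key means same key image, so at most one of
            # these outputs can ever be spent. Flag it and do not credit.
            self.burnt.append((out, first.txid))
            return False
        self.seen[out.output_key] = out
        self.credited[out.account] = (
            self.credited.get(out.account, 0) + out.amount
        )
        return True


def run_scenario() -> DepositLedger:
    """Replay the article's scenario on constructed sample data."""
    ledger = DepositLedger()
    # One ordinary deposit with its own unique one-time key.
    ledger.receive(Output("tx-honest", "aa" * 32, 5 * PICONERO, "alice"))
    # 1000 deposits of 1 XMR that all land on the same one-time key.
    reused_key = "bb" * 32
    for i in range(1000):
        ledger.receive(Output(f"tx-{i:04d}", reused_key, PICONERO, "mallory"))
    return ledger


if __name__ == "__main__":
    result = run_scenario()
    print("credited:", {a: v // PICONERO for a, v in result.credited.items()})
    print("burnt outputs flagged:", len(result.burnt))
```

The `seen` map has to be persisted across wallet restarts and rescans, otherwise a duplicate arriving later would be credited as if it were new.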
