Monero (XMR) Developers Patch Critical “Burning Bug” Discovered By Community Member

Monero developers have patched and released a postmortem of a malicious bug that exposed exchanges and merchants to a significant risk of attack.

0

Monero developers have patched and released a postmortem of a malicious bug that exposed exchanges and merchants to a significant risk of attack.

A potential hacker could have been credited Monero (XMR) on an exchange or merchant platform by falsifying transactions, and in turn, selling the XMR credited for another cryptocurrency like Bitcoin and then withdrawing the Bitcoin.

Burning bug successfully extinguished

The bug could have hypothetically been used to destroy funds in users’ wallets, causing extensive, irreparable damage and every user, crypto exchange, and merchant accepting payments from in the form of privacy-centric coin Monero was affected.

Monero’s developers issued a patch privately to select exchanges and merchants before releasing the news to the public.

In a post-mortem blog post explaining the patch, the devs disclosed that the bug would have made it possible for an individual to deliberately “burn” XMR. All an attacker needed to do was to send multiple payments to a single stealth address.

The recipient of the payments would have only been capable of spending one of the outputs, with subsequent funds being rendered unspendable.

The generation of duplicate key images during the process would lead to the rejection of further transactions, with the network automatically rejecting these transactions as they would be flagged as attempts to double spend.

What made the burning bug dangerous was the fact that it could manipulate a wallet without triggering any warning for the wallet’s owner when a burnt output is received.

Thus, an attacker could burn funds in an exchange’s or merchant’s wallet and all they would lose would be network transaction fees.

For instance, an attacker could send 1 XMR in one thousand faulty transactions using the manipulated code. However, since the exchange’s wallet cannot see the difference between manipulated and legitimate transactions, it allows the user to spend their coins.

In the end, the attacker is able to trade redeem their 1000 XMR for BTC, which they can then withdraw and spend as they please. The exchange, on the other hand, is left with 999 burnt or unspendable outputs of 1 XMR.

It means that by merely spending network transactions fees, an attacker could severely cripple any exchange (and users with funds on the exchange) with massive financial losses.

Monero’s coin supply unaffected by bug

Perhaps the biggest danger of the bug is to Monero’s global coin supply. By burning coins, an attacker ostensibly reduces the number of coins in circulation.

The value of the remaining spendable XMR would be expected to increase relative to market capitalization. The attacker would then sell his coins at a profit, capitalizing on the increased demand.

If looking to short, such an attack could be used to tank the value of an exchange, and profit from the falling stock price.

The possibility of such an exploit occurring has been discussed before with the crypto community.

However, in the case of Monero, a hypothetical post on the Monero subreddit spurred the developers, who finally realized that such an attack could cause a lot of damage to exchanges, merchants and large organizations holding the token.

There has been some dissatisfaction within the Monero community with regard to how the developers disclosed information about the bug, as well as the private patch distribution.

But a moderator in the coin’s subreddit community has defended the process, saying that there was not enough time to undertake a better bug reporting process due to the severity of possible damages and that precautions needed to be taken to protect the network as quickly as possible.

The team has since made the information public, with a tweet on its official account stating that:

The discovery of the bug highlights the critical point that cryptocurrencies are, indeed, still very vulnerable and only continuous monitoring and developmental upgrades can help strengthen the networks.

Monero sufferers second network issue in two months

Last month, Monero’s network was discovered to have a bug which allowed hackers to steal funds cryptocurrency exchanges trading the coin.

Bug bounty hunter Jason Rhineland revealed the bug creates false transaction data by copying a single line of code from the code base of Monero.

Since Monero is an open-source network, an attacker can access the base easily and manipulate the cryptocurrency amount shown in the wallet as they wish.

Rhineland revealed that each extra line of code multiplied the amount of Monero shown on the account, with the exchanges being forced to verify and fulfill the transaction manually.

More code review needed in the crypto space

Despite this vulnerability, dEBRUYNE, the moderator of the Monero community, revealed that the vulnerability testing employed by the developers were not sufficient and that the community has yet to put in place a better vulnerability reporting protocol.

dEBRUYNE also urged more developers to help out with code review of the Monero project as the community looks to prevent those kinds of bugs from surfacing in the future.

If you are familiar with C and/or C++, please, if time permits it, try to review pull requests (even a partly review is beneficial). Lastly, this event is again an effective reminder that cryptocurrency and the corresponding software are still in its infancy and thus quite prone to (critical) bugs.

Leave A Reply

Your email address will not be published.