The Monero (XMR) developer team will reportedly issue a patch to fix a bug in its wallet software after its discovery was made public by another crypto project.
A medium post by a Ryo (RYO) account revealed on March 3 that the bug was capable of allowing users to make fake deposits to crypto exchanges.
The Monero team has been swift in responding to buggy situations in its ecosystem, with an active development program meaning that such a state of affairs isn’t improbable.
The latest wallet bug relates to coinbase transactions, which refer to the first transactions in a block that are made by miners.
According to the Ryo article, the crypto platform reportedly sent an email to the Monero-announce mailing list in which it cautions exchanges and other crypto service operators using XMR of the bug.
It notes that the crypto’s Vulnerability Response team had received a disclosure warning of a vulnerability in the outputs of coinbase transactions.
According to the Medium post, the bug posed potential risks in that it could allow malicious actors to claim phony deposits of varied and arbitrary XMR amounts to exchanges.
To help mitigate short-term effects; Monero’s email contained some wallet parameters, ostensibly to provide a workaround that would prevent attackers from exploiting the vulnerability. The privacy coin’s team posted the same workaround on its official Twitter account on March 3.
The Monero account then followed this with another tweet indicating that a fix for the wallet vulnerability was ready and only awaited review.
Even though it appears that the bug may not cause massive damage for Monero, exchanges or users, a swift response is needed soon.
Notably, that looks to have happened as a GitHub page for the patch shows that the code to fix is ready. It means that what remains is for Monero to publish it.
Interestingly, the same vulnerability was fixed seven months ago by Ryo, a crypto project derived from Monero. The cryptocurrency did not disclose the discovery of the bug to the Monero team at the time, apparently suggesting that it kept off because Monero has a “long history” of being toxic towards security researchers.
Ryo further claims that its team has also accidentally disclosed the presence of a different kind of vulnerability, which it notes needs to be patched by Monero too.
The Ledger team posted a Reddit warning on March 4 in which it advises its customers against using the Nano S Monero app following the discovery of another bug responsible for the loss of 1,680 XMR by a user.
The wallet provider later announced that the Monero bug is likely to be triggered as a result of using the Monero Ledger HW app in combination with Monero’s latest client 0.14.
Disclaimer: This is not investment advice. Cryptocurrencies are highly volatile assets and are very risky investments. Do your research and consult an investment professional before investing. Never invest more than you can afford to lose. Never borrow money to invest in cryptocurrencies.