- Monero revealed that they had nine security vulnerabilities.
- One of these vulnerabilities could have allowed hackers to steal XMR from cryptocurrency exchanges.
Monero (XMR), the privacy-focused altcoin, revealed that they had nine security vulnerabilities, one of which could have allowed hackers to steal XMR from cryptocurrency exchanges. Till March, malicious miners could have used the vulnerability to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an amount chosen by the attacker. Security researchers in a HackerOne report declared, “It is our belief that this can be exploited to steal money from exchanges.” They were rewarded with 45 XMR ($4,100) for their efforts.
Along with this, five DoS attack vectors, one of which was labeled as “critical.” Andrey Sabelnikov discovered the bug. The flaw could’ve enabled malicious actors to take Monero nodes down by requesting large amounts of blockchain data from the network. Sabelnikov told Hard Fork:
“If you have quite a big blockchain (with long history like Monero [“¦]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks”¦.Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumptions, which is typical of Linux systems.”
Sabelnikov also warned that other crypto projects using CryptoNote, Monero’s underlying protocol, are also vulnerable to these attacks.
Share
