
Monero discloses vulnerability that could have allowed theft of XMR from cryptocurrency exchanges

The team behind the anonymous cryptocurrency Monero has disclosed nine security vulnerabilities, including one that could have allowed hackers to steal XMR from exchanges.

According to the HackerOne report, until March, dishonest Monero miners could hypothetically create “specially tuned” blocks to make Monero wallets accept fake XMR deposits chosen by the attacker.

“We believe that this could have been used to steal money from stock exchanges,” the researchers said in an initial report. In the end, they were awarded 45 XMR ($4,100) for their efforts.

Five DoS attack vectors were also uncovered, one of which was rated “critical”.

Another vulnerability is related to the CryptoNote protocol used in Monero to increase the confidentiality of transactions. It could have let fraudsters sabotage Monero nodes by intentionally requesting large amounts of blockchain data from the network.

Andrei Sabelnikov, who discovered the bug, told the publication Hard Fork:

“If you have a fairly large blockchain (with such a long history as Monero […]), you can send a protocol request that will call all its blocks from another node, which may contain hundreds of thousands of blocks. Preparing a response to such a request can take a lot of resources. In the end, the OS can stop its execution due to the huge memory consumption that is typical for Linux systems.”
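The exposure described in the quote comes from a node building a reply whose size is set by the requesting peer. As an added example (not Monero's or CryptoNote's code; every name and limit here is hypothetical and the chain data is constructed), this C++ handler caps each block-range reply by block count and by bytes, and tells the peer where to resume:

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical caps; a real node would size these from its memory budget.
constexpr std::size_t kMaxBlocksPerResponse = 100;
constexpr std::size_t kMaxBytesPerResponse = 1 << 20;  // 1 MiB
struct BlockRangeRequest { std::uint64_t start_height, count; };  // peer-controlled
struct BlockRangeResponse {
    std::vector<std::string> blocks;  // serialized blocks
    std::size_t bytes = 0;            // total payload size so far
    std::uint64_t next_height = 0;    // where the peer should resume
    bool truncated = false;           // true if a cap cut the reply short
};

// Constructed sample chain: n dummy blocks of block_size bytes each.
std::vector<std::string> make_sample_chain(std::size_t n, std::size_t block_size) {
    return std::vector<std::string>(n, std::string(block_size, 'b'));
}

BlockRangeResponse serve_block_range(const std::vector<std::string>& chain,
                                     const BlockRangeRequest& req) {
    BlockRangeResponse resp;
    resp.next_height = req.start_height;
    if (req.start_height >= chain.size()) return resp;  // nothing to serve
    // Clamp against what exists, avoiding overflow in start + count.
    const std::uint64_t available = chain.size() - req.start_height;
    const std::uint64_t wanted = std::min<std::uint64_t>(req.count, available);
    for (std::uint64_t i = 0; i < wanted; ++i) {
        const std::string& blk = chain[req.start_height + i];
        const bool over_count = resp.blocks.size() >= kMaxBlocksPerResponse;
        // Always allow one block so an oversized block cannot stall sync.
        const bool over_bytes = !resp.blocks.empty() &&
                                resp.bytes + blk.size() > kMaxBytesPerResponse;
        if (over_count || over_bytes) { resp.truncated = true; break; }
        resp.blocks.push_back(blk);
        resp.bytes += blk.size();
        resp.next_height = req.start_height + i + 1;
    }
    return resp;
}

int main() {
    auto chain = make_sample_chain(300000, 8);  // "hundreds of thousands of blocks"
    auto r = serve_block_range(chain, BlockRangeRequest{0, 300000});
    return r.blocks.size() == kMaxBlocksPerResponse ? 0 : 1;
}
```

The peer still obtains the full chain, but only through many small requests, so per-request memory on the serving node stays bounded regardless of the count the peer sends.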

Sabelnikov warned that other cryptocurrency projects based on CryptoNote may have similar vulnerabilities. Monero software was also found to allow “undeclared” memory to leak to untrusted network nodes. Reportedly, this memory could include confidential material (such as cryptographic or other similar personal data).

The bulk of these bugs were discovered about four months ago. Eight vulnerabilities have since been fixed, and one remains almost completely undisclosed. The reports appear to have been timed to the release of Monero version 0.14.1.0 in June. It should be noted that most of these flaws have been described as “proofs of concept”.

In 2017, the Monero team discovered and fixed a bug in the CryptoNote protocol. The bug allowed double spending; in other words, it made it possible to create an unlimited number of coins. In March of this year, the Monero network successfully activated an update that protected the network from the big bang attack, which is based on the dynamic block size algorithm.
