Monero CSS wallet withdraws nearly $500,000
[ad_1]
In a surprising turn of events, MoneroThe popular privacy-focused cryptocurrency disclosed a Community Crowdfunding System (CCS) wallet vulnerability that occurred on September 1, 2023.
The attacker drained the wallet of 2,675.73 XMR, equivalent to approximately $460,000 USD.The incident raises concerns about security and privacy Blockchain Monero.
The attack occurred in a series of nine transactions, during which the perpetrators obtained the entire balance from the CCS wallet.
The incident received little attention until recently, when blockchain security firm Moonstone Research discovered the attackers’ actions.
Moonstone Research tracked the attacker’s transactions and indicated that the vulnerability was performed by a Monerujo wallet user who had enabled a feature called “PocketChange.”
Monerujo is an Android-based, non-custodial Monero wallet that offers the PocketChange feature, designed to enhance Monero’s security model by creating multiple “pockets” or “notes.”
Analyzing the Exploitation of Monero’s Security Features
Monerujo’s PocketChange feature works by splitting larger Monero coins into smaller portions and then distributing them among ten different pockets.
This fragmentation ensures that coins are not merged, allowing users to instantly spend from multiple pockets without the usual waiting time.
According to Moonstone Research’s findings, the attacker exploited this feature to generate 11 output enotes, a behavior inconsistent with normal transactions.
Moonstone Research expressed confidence in their assessment whether the attackers were using Monerujo version 3.3.7 or 3.3.8.
Colin Wu, a Chinese cryptocurrency journalist known for his insights into the cryptocurrency industry, weighed in on the hack.
Wu shared his observations on his official
While the origins of the attack remain a mystery, the incident raises questions about the security of the Monero blockchain and the effectiveness of its security features.
The Monero team announced that the community crowdfunding system CCS Wallet was attacked on September 1, 2023, and the entire balance of 2,675.73 XMR (approximately US$384,000) was stolen. The source of the vulnerability cannot be determined at this time. Slow Mist thinks…
— Wu Blockchain (@WuBlockchain) November 5, 2023
The CCS wallet serves as a financing system for community-driven projects. As of September 1, 2023, the total balance is 2,675.73 XMR.
This balance is accumulated through donations from the community and is designed to support various initiatives within the ecosystem.
The exploitation of CCS wallets has raised concerns about the security of the Monero network. Privacy is a core tenet of the company’s design, but the incident has raised questions about whether privacy features can be exploited.
While Monero developers continue to work hard to improve the security of the network, this incident reminds us that no system is completely immune to vulnerabilities.
Bitcoin News Synthetic.
[ad_2]
Source link