On July 3rd, reports from HackerOne revealed that Monero had exposed several security vulnerabilities, including one that could be used to steal XMR from exchanges.
Monero (XMR) is a distributed ledger project that is gaining popularity as a leading currency with privacy. The Monero project has established itself in the cryptocurrency community by focusing on privacy and electronic cash. While Monero uses the same UTXO ledger structure as bitcoin, its design changes the way of UTXO packages and broadcasting to network. What’s more, with one-time ring signature architecture, it effectively creates unlinkable transactions that cannot be recognized by a third party.
Monero dealt with nine vulnerabilities in the XMR code. One is very important, cause it opened a back door for hackers to steal Monero tokens from various exchange platforms. It’s claimed that the miners were able to bypass the securities and forge trading blocks in various XMR accounts. Once a fraudster’s account is credited, they can exchange it for other COINS and make withdrawals, pulling the money out of their pockets.
HackerOne’s researchers were quick to point out the flaw, stating, ” the setup may be used to drain cash from exchanges, with XMR coins not being present in the account”. The researchers received a reward of 45 XMR for their efforts. (About $4,100 at the time of the transaction)
The result, according to defect finder Andrey Sabelnikov, is that large blockchains like Monero can be easily manipulated by such defects. The user can request all block data from one node in the chain. This request allocates a large amount of resources, and an operating system like Linux where most nodes are based will shut down the nodes due to memory requirements and consumption.
The good news is that there are no reports or evidence that these vulnerabilities lead to malicious activity.
Weekend is the most representative female writer in the blockchain industry. She is known for her keen news capture ability and is good at English writing of blockchain news in the Chinese region.