Monero: Wallet Bug Potentially Enables Exchange Hacks, Team Prepares Patch Release

A bug in the Monero wallet software that could enable fake deposits to exchanges has recently been brought to the public’s attention.

A bug in the Monero (XMR) wallet software that could enable fake deposits to exchanges has recently been brought to public attention through a Medium post published by the official Ryo (RYO) account on March 3.

According to the post, an email reportedly sent to the Monero-announce mailing list warns exchanges and service operators using the coin that the Monero Vulnerability Response team received a disclosure concerning a vulnerability. The vulnerability consists of the mishandling of outputs in coinbase transactions (the first transactions in a block, always made by miners).

This mishandling could potentially allow an attacker to fake the deposit of an arbitrary amount of XMR to an exchange. However, the email also contained wallet parameters that effectively serve as a workaround, preventing the vulnerability from being exploited. The official Monero profile also tweeted the same workaround on March 3.

About ten hours later, the Monero account tweeted that the fix for the vulnerability had been written and was awaiting review. From the GitHub page dedicated to the patch, it appears that the code has already been merged into the main branch, which means that the fix is ready and only needs the new release to be published.

Ryo, a cryptocurrency derived from Monero, reports in its Medium post that its team fixed this vulnerability seven months ago. The post justifies the lack of a responsible disclosure towards the Monero team earlier by noting Monero’s “long history of toxic behaviour towards security researchers.”

The post also claims that, while discussing the exploit in the Ryo public channel, its author accidentally disclosed a different issue, concluding:

“Monero might want to get that one patched too.”

As Cointelegraph reported earlier today, the Ledger development team posted a warning on Monero’s subreddit on March 4 advising users not to use the Nano S Monero app after another apparent bug reportedly led to a user losing 1,680 XMR (equivalent to about $80,000).
