“Burning” Monero bug could have helped hackers steal massive amounts of cryptocurrencies

  • Monero developers have already issued out a patch that addresses the bug.
  • The bug exists due to an inherent flaw in the Monero code that manages stealth addresses.

A bug in the anonymous cryptocurrency Monero was recently discovered serendipitously. The bug, if exploited, could have allowed cybercriminals to steal massive amounts of cryptocurrencies from exchanges. The Monero team reportedly deemed the flaw as a “burning” bug and have already issued out a patch that addresses the bug.

The bug exists due to an inherent flaw in the Monero code that manages stealth addresses. ZDNet reported that the first time that the issue came to light was when a user posted a hypothetical question about stealth addresses in a Monero subreddit. The user reportedly asked what would happen if multiple transactions were transferred to a stealth address.

“The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization's wallet whilst merely losing network transaction fees,” Monero developers wrote in a post. “They, however, do not accrue direct monetary gains. Nonetheless, there are probably means to indirectly benefit.”

How it works

According to Monero developers, sending multiple transactions to the same stealth address would result in the creation of multiple duplicate key images. Although the network rejects more than one similar image key, an attacker would potentially be able to spend funds from the stealth address once.

In the event that an attacker exploited the bug, he/she would first have to generate a random private transaction key. The attacker would then have to modify the Monero code to use this transaction key, ensuring that multiple transactions are sent to the same stealth address.

“Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR,” Monero developers explained. “The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.”

Monero developers said that they have privately notified several cryptocurrency exchanges. Monero is not the only cryptocurrency that faced such an issue. Recently, a potentially powerful Bitcoin flaw was discovered and fixed. The bug would have allowed hackers the ability to crash Bitcoin nodes and conduct 51 percent of attacks on the network to approve illegal transactions and steal funds, ZDNet reported.

The discovery of these flaws is an indication of how the cryptocurrency platform is still in its nascent stage and can be more insecure than expected.