Monero Bug Causes Wallet Downtime

Stellite, Monero, Electroneum and other wallets are currently under maintenance on TradeOgre. This is a security precaution after finding a bug in the Monero wallet. A small excerpt from the Monero blog:

“The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization’s wallet whilst merely losing network transaction fees. They, however, do not accrue direct monetary gains. Nonetheless, there are probably means to indirectly benefit. The notion of burning funds by sending multiple transactions to the same stealth address has been documented for quite some time already, as, for example, can be seen from this Monero SE / Q&A [link removed]. Unfortunately, however, the implications of an organization being involved had not been thoroughly thought through until a community member described a hypothetical attack on the Monero subreddit.

Practically speaking this bug is exploited as follows. An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange’s hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.”

Source: https://getmonero.org/2018/09/25/a-post-mortum-of-the-burning-bug.html   [09/26]

When the bug is resolved, all wallets on TradeOgre will go out of maintenance and you can continue to withdraw and deposit XTL tokens. Please check back for more information.

[Edit: The bug is fixed and the wallets will be open again very soon.]

 

Share:

Author: AJAWs

Community and Marketing for Stellite | StellitePay: [email protected]

Leave a Reply