Monero Discloses Vulnerabilities Indicating Serious Misuse By Rouge Miners

Must Read

Anonymous Developer Builds Unofficial Blockchain Explorer For VeChainThor – VeChainThorScan

An anonymous developer has published an unofficial web app called VeChainThorScan that poses as a blockchain explorer for...

Matic Network Announces Stake Capital As Official Staking Partner

Matic Network, the blockchain scalability platform has formally announced Stake Capital, the DeFi service provider as the official...

Huobi Group Steps Up To Help Corona Virus Victims By Donating 10 Million For Medicine And Health

Huobi Group is a leading cryptocurrency exchange firm based out in Singapore, focusing on the digital economy and...
5d946d8cbd798-bpfull
Umme Haani
Vinayak Buckshee is a writer for Thecoinrepublic. she contributes a researched piece on cryptocurrencies and updates. Umme is an aspiring engineer who immensely enjoys writing and technical writing brings the best of both worlds under one roof for her.

Monero, a privacy-focused altcoin has suddenly disclosed nine security vulnerabilities — including one that could have allowed hackers to steal XMR from cryptocurrency exchanges. Rogue Monero miners were hypothetically able to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker until March.

“It is our belief that this can be exploited to steal money from exchanges,” said security researchers in their initial HackerOne report. They were eventually awarded 45 XMR ($4,100) for their efforts.

Five DoS attack vectors were also disclosed, with one labeled “critical” severity. Another related specifically to CryptoNote, an application layer used by Monero to increase transactional privacy. This flaw could’ve seen bad actors take Monero nodes down by maliciously requesting large amounts of blockchain data from the network.

Andrey Sabelnikov, who discovered the bug, told Hard Fork:

“If you have quite a big blockchain, then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks.” “Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumptions, which is typical of Linux systems,” he added.

Monero software was also found to have been leaking “uninitiated” memory to untrusted network peers. This kind of memory reportedly could have included sensitive material. Emerging crypto software like Monero is going to have bugs. The bulk of these bugs was submitted roughly four months ago. Eight vulnerabilities have since been patched, while one remains almost entirely undisclosed. The reports appear to be timed to coincide with the release of Monero version 0.14.1.0 in June.

It should be noted that most of these flaws were described as “proof of concepts.” At pixel time, there have been no reports of these bugs being exploited in the wild.

Last year, a bug in Monero wallet software was found that would have allowed XMR to be drained from wallets (owned by cryptocurrency exchanges, for example) in targeted attacks.

At the time, devs warned its discovery should remind the public that cryptocurrency (and related software) is still in its infancy and that it’s very much prone to critical bugs — so I guess we should consider ourselves reminded, nine more times.

Hot News

Anonymous Developer Builds Unofficial Blockchain Explorer For VeChainThor – VeChainThorScan

An anonymous developer has published an unofficial web app called VeChainThorScan that poses as a blockchain explorer for the VeChain (VET) cryptocurrency. Node...

Matic Network Announces Stake Capital As Official Staking Partner

Matic Network, the blockchain scalability platform has formally announced Stake Capital, the DeFi service provider as the official staking partner. Matic Network stated...

Huobi Group Steps Up To Help Corona Virus Victims By Donating 10 Million For Medicine And Health

Huobi Group is a leading cryptocurrency exchange firm based out in Singapore, focusing on the digital economy and Blockchain. The global branches of...

Baidu Searches For Bitcoin Reaches New Low Yet Prices Are On An Uptrend

Baidu is seeing a new monthly low in searches for Bitcoin although the prices for the famous cryptocurrency seem to be on an...

Reckless Review Host Thinks Stablecoin Success Depends Entirely On Bitcoin

Reckless Review, tweeted out his opinion that the success of Stablecoins depends entirely on Bitcoin. The Bitcoinist also went on to state that...

SEC Will Inaugurate A Node On XRP Ledger Said Ripple’s EX

SEC had made the announcement sometimes back said alterity, SEC did not even call Ripple to ask for the Authorization, only intended to...

Matic Network Announces Stake Capital As Official Staking Partner

Matic Network, the blockchain scalability platform has formally announced Stake Capital, the DeFi service provider as the official staking partner. Matic Network stated...

Huobi Group Steps Up To Help Corona Virus Victims By Donating 10 Million For Medicine And Health

Huobi Group is a leading cryptocurrency exchange firm based out in Singapore, focusing on the digital economy and Blockchain. The global branches of...

Baidu Searches For Bitcoin Reaches New Low Yet Prices Are On An Uptrend

Baidu is seeing a new monthly low in searches for Bitcoin although the prices for the famous cryptocurrency seem to be on an...

Reckless Review Host Thinks Stablecoin Success Depends Entirely On Bitcoin

Reckless Review, tweeted out his opinion that the success of Stablecoins depends entirely on Bitcoin. The Bitcoinist also went on to state that...

RELATED NEWS

Anonymous Developer Builds Unofficial Blockchain Explorer For VeChainThor –...

An anonymous developer has published an unofficial web app called VeChainThorScan that poses...

Matic Network Announces Stake Capital As Official Staking Partner

Matic Network, the blockchain scalability platform has formally announced Stake Capital, the DeFi...

Huobi Group Steps Up To Help Corona Virus Victims...

Huobi Group is a leading cryptocurrency exchange firm based out in Singapore, focusing...