Security breach unveiled: Monero’s CCS wallet drained of $460,000

The post Security breach unveiled: Monero’s CCS wallet drained of $460,000 appeared on BitcoinEthereumNews.com.

In a surprising turn of events, Monero, the popular privacy-focused cryptocurrency, disclosed an exploit of its Community Crowdfunding System’s (CCS) wallet that occurred on September 1, 2023. The attacker managed to drain the wallet of 2,675.73 XMR, equivalent to approximately $460,000. This incident has raised concerns about the security and privacy of Monero’s blockchain. The attack unfolded in a series of nine transactions, where the perpetrator managed to siphon the entire balance from the CCS wallet. The incident remained under the radar until recently when Moonstone Research, a blockchain security firm, identified the attacker’s actions. Moonstone Research traced the attacker’s transactions and suggested that the exploit was executed by a Monerujo wallet user who had enabled a feature known as “PocketChange.” Monerujo is an Android-based non-custodial Monero wallet that offers the PocketChange feature, which is designed to enhance Monero’s privacy model by creating multiple “pockets” or “enotes.” Analyzing the exploitation of Monero’s privacy features Monerujo’s PocketChange feature works by breaking down larger Monero coins into smaller parts and distributing them into ten different pockets. This fragmentation ensures that the coins do not merge again, allowing users to spend from various pockets instantly without the usual waiting period. According to Moonstone Research’s findings, the attacker exploited this feature to create 11 output enotes, a behavior inconsistent with typical transactions. Moonstone Research expressed confidence in their assessment, regardless of whether the attacker used Monerujo version 3.3.7 or 3.3.8. Chinese crypto reporter Colin Wu, known for his insights into the cryptocurrency industry, weighed in on the hack. Wu shared his observations on his official X page, Wu Blockchain, and highlighted SlowMist’s assumption that the vulnerability may be a “loophole in the Monero privacy model.” While the source of the attack remains a mystery, the incident has raised questions about the security of Monero’s…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ November 5, 2023 5:26 pm