Monero Community Wallet Suffers $460,000 Breach; Source and Recovery Measures Underway
Summary:
Monero's community crowdfunding wallet recently suffered a severe security breach, leading to a loss of all its funds, which totalled to 2,675.73 Monero (XMR) or approximately $460,000. The incident took place on September 1 but was only announced on November 2, with the source of the breach still unknown. Developers Luigi and Spagni, the only ones with access to the wallet seed phrase, couldn't prevent nine transactions that emptied the wallet. Monero's core team now seeks assistance from the General Fund to offset its current debts. The potential cause could be the wallet keys left accessible online, which possibly point to an elaborate cyber attack.
Monero's community crowdfunding wallet experienced a significant security breach recently, resulting in the loss of all its funds amounting to 2,675.73 Monero (XMR), equating to nearly $460,000. The compromise occurred on September 1 but was only made public via GitHub on November 2 by Monero's developer, Luigi. The root cause of this security violation remains unknown. Luigi revealed in a statement that "The CCS Wallet was completely emptied of 2,675.73 XMR (the total amount in it) on September 1, 2023, shortly before midnight. The hot wallet, which we use for making payments to contributors, is safe; it currently holds around 244 XMR. We are still in the dark about the origin of the security breach."
The Community Crowdfunding System (CCS) of Monero raises funds for project ideas proposed by its community members. Taking this into account, Monero's developer Ricardo "Fluffypony" Spagni expressed his outrage in the thread, stating, "This breach is absolutely reprehensible, considering that these funds might have been crucial for a contributor to cover daily expenses such as rent or groceries."
Access to the wallet seed phrase was only granted to Luigi and Spagni. As per Luigi's update, the Ubuntu system in 2020 was used to set up the CCS wallet along with a Monero node. Payments to community members were made using a hot wallet that had been running on a Windows 10 Pro desktop since 2017. Transfers to the hot wallet were made as required from the CCS wallet. However, on September 1, the CCS wallet was cleared out over nine transactions.
Monero's core team has appealed to the General Fund to compensate for its current debts. Spagni suggested in the thread, "It's plausible that the incident is connected with the series of attacks we've observed since April โ these attacks have involved various types of compromised keys, sweeping XMR among other things."
Several developers speculate that the breach could have arisen from the wallet keys being accessible via the Ubuntu server online. A pseudonymous developer named Marcovelon conjectured, "I would not rule out the possibility that Luigi's Windows computer was potentially part of an undiscovered botnet, and its operators instigated this attack through SSH session information on that system. Devastating breaches in large corporations due to compromised developers' Windows machines are not an unheard-of occurrence."
Magazine: Slumdog billionaire โ The astounding journey of Sandeep Nailwal from poverty to prosperity as the co-founder of Polygon.
Published At
11/5/2023 6:07:20 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.