Monero, the developers patch the bug. Woe to the most anonymous cryptocurrency among the main ones.
The developers of the cryptocurrency Monero have launched a patch that fixes a bug that could have been used by hackers to get funds from exchange illegally.
Stealth transactions on monero
Described by the Monero team as a potentially dangerous bug, the problem arose in the way the exchange platforms Monero they handle incoming transactions, and came to light after a user posted a theoretical question about the Monero subreddit, asking what would happen if someone sent multiple transactions to a stealth address.
For our readers who are not familiar with the term "stealth address", it is sufficient to remember that this is a very recurrent concept in the world of cryptocurrency.
A sender can in fact ask a recipient to create a stealth address usable once only: the sender can send money to the address stealth and the invisible address transmits the funds to the real address of the recipient. In Monero and other cryptocurrencies, invisible addresses are used as payment proxies, allowing users to obtain an additional level of privacy and anonymity.
In an attempt to answer the user's theoretical question Reddit the Monero developers realized that there was an inherent flaw in the code Monero which manages invisible addresses.
Monero bug solved
An attacker could in fact communicate to an exchange of criptovaluta to create a stealth and send 1 coin Monero (XMR) 1.000 times, so it should receive an equivalent value in another cryptocurrency - Bitcoin, in this example - as part of the exchange process.
The Monero developers realized that in situations like these, the exchange, executed on the defective Monero network code, would have replied to all the 1.000 transactions with Bitcoin, but later it would only validate the first one, and invalidate the rest of the funds received. In practice, hackers could send 1 Monero to the exchange, but receive Bitcoins for all 1.000 transactions.
This bug, if discovered by hackers, would have allowed them to steal huge amounts of cryptocurrency from the exchange in seconds.
Fortunately, this dangerous bug has been resolved with the release of v0.12.3.0 of the Monero code. "The error basically consists in the fact that the wallet does not provide a warning when it receives a burned output," the Monero developers said in a post. However, the Monero developers were not the only ones who had to make do to solve a serious security problem.
Last week, the Bitcoin team solved an equally dangerous bug that would allow attackers to block Bitcoin nodes and perform 51% attacks on the entire network to approve invalid transactions and steal funds from legitimate owners.