Privacy-centric cryptocurrency Monero (XMR) has recently disclosed nine security vulnerabilities, including one that exposed its users to theft and could’ve let bad actors steal from cryptocurrency exchanges.
According to the disclosure, up until March, rogue XMR miners could’ve created “specifically-crafted” blocks that would’ve forced Monero wallets to accept fake deposits for an XMR amount of the attacker’s choosing. This, according to researchers, could be exploited to steal from cryptocurrency exchanges.
The researchers were awarded 45 XMR, currently worth around $3,900, for helping improve the safety of the cryptocurrency. Five denial of service (DoS) attack vectors were also disclosed, one of them labeled “critical.”
Moreover, a CryptoNote-specific vulnerability was found. It would allow bad actors to take down nodes in the cryptocurrency’s network through malicious data requests. Other projects using CryptoNote may be susceptible to the vulnerability.
Speaking to The Next Web, Andrey Sabelnikov, the researcher who found the bug, stated that on a blockchain with a long history, like that of Monero, attackers could’ve made a protocol request “that will call all of its blocks from another node, which could be hundreds of thousands of blocks.”
Preparing such a response can take a lot of resources. Eventually, the OS might kill the node because of its huge memory consumption, which is typical of Linux systems.
According to the news outlet, the disclosures coincided with the release of Monero version 0.14.1.0 last month. While eight vulnerabilities have already been fixed, one remains mostly undisclosed, presumably as developers work on it.
So far, there have been no reports of any of the disclosed vulnerabilities being exploited. As CryptoGlobe covered, late last year Monero developers fixed a major bug that would have allowed attackers to both double-spend and destroy XMR.
The privacy-centric cryptocurrency, which saw hackers hijack internet users’ CPU resources to mine it, established a workgroup at about the same time to fight back against the trend, which has now slowed down.