Monero’s community wallet loses all funds after attack

A security breach has resulted in the loss of 2,675.73 XMR from Monero's community crowdfunding wallet. The cause and source of the breach remain unidentified.

A recent attack compromised Monero’s community crowdfunding wallet, wiping out its entire balance of 2,675.73 Monero (XMR), worth nearly $460,000.

The incident took place on Sept. 1 but was only disclosed on GitHub on Nov. 2 by Monero’s developer Luigi. According to him, the source of the breach has not been identified yet.

"The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach."

Monero’s Community Crowdfunding System (CCS) funds development proposals from its members. “This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food,” noted in the thread Monero's developer Ricardo "Fluffypony" Spagni.

Luigi and Spagni were the only two people who had access to the wallet seed phrase. According to Luigi's post, the CCS wallet was set up on an Ubuntu system in 2020, alongside a Monero node.

To make payments to community members, Luigi used a hot wallet that has been on a Windows 10 Pro desktop since 2017. As needed, the hot wallet was funded by the CCS wallet. On Sept. 1, however, the CCS wallet was swept in nine transactions. Monero's core team is calling for the General Fund to cover its current liabilities.

"It's entirely possible that it's related to the ongoing attacks that we've seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, seeds generated with all manner of hardware and software, Ethereum pre-sale wallets, etc.) and include XMR that's been swept," Spagni noted in the thread.

According to other developers, the breach could have originated from the wallet keys being available online on the Ubuntu server.

"I wouldn't be surprised if Luigi's Windows machine was already part of some undetected botnet and its operators performed this attack via SSH session details on that machine (by either stealing the SSH key or live using trojan's remote desktop control capability while the victim was unaware). Compromised developers' Windows machines resulting into big corporate breaches is not something uncommon," noted pseudonymous developer Marcovelon.

Magazine: Slumdog billionaire — Incredible rags-to-riches tale of Polygon’s Sandeep Nailwal

Comments

Post a Comment

Popular posts from this blog

Bitcoin Price Prediction as the Coin Corrects to $25.8k After Traders Withdrew $100 Million in BTC from Binance

Image
Join Our Telegram channel to stay up to date on breaking news coverage The Bitcoin price saw another dip over the weekend, similar to the one on May 5th. After a brief recovery between May 7th, BTC first dropped to $26.4k, where it remained for the rest of last week, until Saturday, when it crashed to a support at $25.8k, finally dropping below $26,000 once more. Since the drop, the price has been mostly stable, although Bitcoin trading sideways typically does not last. The big question now is whether the price is going to recover again or break the support and continue the drop. Experts believe that BTC might see a potential bullish rally of about +20-25% if the coin maintains its position above the trendline and successfully breaks out from the wedge to the upside. However, a bearish rally toward $21.5k is just as possible if the current support breaks. Others have argued that BTC needs to see $23k and $25k for future gain. The price came too close to the channel suppo
Read more

XRP Could Reach $10,000 For Its Role in CBDCs, Predicts Analyst

Image
Ripple announced a private XRP ledger (XRPL) in 2021 for CBDCs leveraging blockchain technology. The development makes cryptocurrencies “be leveraged as a neutral bridge asset for frictionless value movement between CBDCs and other currencies,” said the company. Around 130 countries around the world are looking to launch CBDCs, touting them as the future of all transactions. 98% of the world is exploring CBDC options, and XRP could gain big if they incorporate their ledger technology with other nations. Also Read: U.S. & European Union React to BRICS Expansion Taking this into consideration, pseudonymous cryptocurrency analyst Bitforcoinz predicted that Ripple ’s integration with CBDCs could catapult the XRP price to new highs. According to the price prediction, XRP could touch $10,000 if it powers CBDCs in all countries that explore digital currencies. #XRP was designed to settle CBDC's! There are not enough XRPz out there to brige all the money at a price of $10
Read more

Binance US chief the latest exec to leave amid regulatory troubles

Brian Shroder, the chief exec of Binance US , has stepped down and been temporarily replaced by chief legal officer Norman Reed, as the firm cuts one-third of its employees amid mounting regulatory scrutiny. Shroder’s departure comes hot on the heels of other Binance top executives leaving, including head of Eastern Europe and Russia, Gleb Kostarev, and global head of product, Mayur Kamat. The global crypto exchange is embroiled in numerous regulatory crackdowns and investigations by the US Commodity Futures Trading Commission (CFTC), Justice Department, and Securities and Exchange Commission (SEC), into money laundering, mishandling customer funds, ignoring sanctions, and more. Binance US has also decided to cut another round of employees, this time more than 100 people. A spokesperson said in a statement that the move was a direct result of regulatory pressure in the US. “The actions we are taking today provide Binance.US with more than seven years of financial runway and enab
Read more