Monero’s community wallet loses all funds after attack

Altcoins

A recent attack compromised Monero’s community crowdfunding wallet, wiping out its entire balance of 2,675.73 Monero (XMR), worth nearly $460,000.

The incident took place on Sept. 1 but was only disclosed on GitHub on Nov. 2 by Monero’s developer Luigi. According to him, the source of the breach has not been identified yet.

“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”

Monero’s Community Crowdfunding System (CCS) funds development proposals from its members. “This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food,” noted in the thread Monero’s developer Ricardo “Fluffypony” Spagni.

Luigi and Spagni were the only two people who had access to the wallet seed phrase. According to Luigi’s post, the CCS wallet was set up on an Ubuntu system in 2020, alongside a Monero node.

To make payments to community members, Luigi used a hot wallet that has been on a Windows 10 Pro desktop since 2017. As needed, the hot wallet was funded by the CCS wallet. On Sept. 1, however, the CCS wallet was swept in nine transactions. Monero’s core team is calling for the General Fund to cover its current liabilities.

“It’s entirely possible that it’s related to the ongoing attacks that we’ve seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, seeds generated with all manner of hardware and software, Ethereum pre-sale wallets, etc.) and include XMR that’s been swept,” Spagni noted in the thread.

According to other developers, the breach could have originated from the wallet keys being available online on the Ubuntu server.

“I wouldn’t be surprised if Luigi’s Windows machine was already part of some undetected botnet and its operators performed this attack via SSH session details on that machine (by either stealing the SSH key or live using trojan’s remote desktop control capability while the victim was unaware). Compromised developers’ Windows machines resulting into big corporate breaches is not something uncommon,” noted pseudonymous developer Marcovelon.

Magazine: Slumdog billionaire — Incredible rags-to-riches tale of Polygon’s Sandeep Nailwal

Products You May Like

Articles You May Like

Saylor falls for fake Trump news, Kraken restructures, and more: Hodler’s Digest, Oct. 27 – Nov. 2
Elon Musk reposts call to end the US Federal Reserve Bank 
Ethereum hits $3.2K, surpassing Bank of America market cap
Bitcoin to be ‘political imperative,’ owning none ‘a liability’ — NYDIG
Cumulative traffic to exchanges increased by 8% in October — report

Leave a Reply

Your email address will not be published. Required fields are marked *