follow us on twitter . like us on facebook . follow us on instagram . subscribe to our youtube channel . announcements on telegram channel . ask urgent question ONLY . Subscribe to our reddit . Altcoins Talks Shop Shop


This is an Ad. Advertised sites are not endorsement by our Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise Here

« previous next »
Pages: [1]   Go Down

Author Topic: Monero: Wallet Bug Potentially Enables Exchange Hacks, Team Prepares Patch Relea  (Read 1760 times)

Offline ZionRTZ

  • Legendary
  • *
  • *
  • Activity: 1628
  • points:
    2965
  • Karma: 112
  • Trade Count: (0)
  • Referrals: 1
    • Last Active: November 22, 2020, 08:45:01 AM
    • View Profile

    • Total Badges: 23
    Badges: (View All)
    10 Posts First Post Sixth year Anniversary
Monero: Wallet Bug Potentially Enables Exchange Hacks, Team Prepares Patch Relea
« on: March 04, 2019, 07:06:58 PM »

A bug in the Monero (XMR) wallet software that could enable fake deposits to exchanges has been recently brought to public attention through a Medium post, published by the official Ryo (RYO) account on March 3.

According to the post, an email reportedly sent to the Monero-announce mailing list warns exchanges and service operators using the coin that the Monero Vulnerability Response team received a disclosure concerning a vulnerability. The vulnerability consists of the mishandling of outputs in coinbase transactions (the first transactions in a block, always made by miners).

This mishandling could potentially allow an attacker to fake the deposit of an arbitrary amount of XMR to an exchange. Still, the email also contained parameters for the wallet, which are effectively a workaround preventing the vulnerability from being exploitable. The official Monero profile also tweeted the same workaround on March 3.

About ten hours later, the Monero account tweeted that the fix for the vulnerability has been written and was awaiting review. From the GitHub page dedicated to the patch, it appears that the code has been already merged with the main branch, which means that the fix is ready and only needs the new release to be published.

Ryo, a cryptocurrency derived from Monero, reports in its Medium post that its team fixed this vulnerability seven months ago. The post justifies the lack of a responsible disclosure towards the Monero team earlier by noting Monero’s “long history of toxic behaviour towards security researchers.”

Furthermore, the post also claims that when discussing the exploit in the Ryo public channel, the author of the post accidentally also disclosed a different issue, concluding:

Quote
“Monero might want to get that one patched too.”

As Cointelegraph reported earlier today, the Ledger developers team have posted a warning on Monero’s subreddit on March 4 advising users not to use the Nano S Monero app after another apparent bug reportedly lead to a user losing 1,680 XMR (equivalent to about $80.000).



SOURCE: https://cointelegraph.com/news/monero-wallet-bug-potentially-enables-exchange-hacks-team-prepares-patch-release
Logged

Altcoins Talks - Cryptocurrency Forum

Monero: Wallet Bug Potentially Enables Exchange Hacks, Team Prepares Patch Relea
« on: March 04, 2019, 07:06:58 PM »

This is an Ad. Advertised sites are not endorsement by our Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise Here

Pages: [1]   Go Up
« previous next »
 

ETH & ERC20 Tokens Donations: 0x2143F7146F0AadC0F9d85ea98F23273Da0e002Ab
BNB & BEP20 Tokens Donations: 0xcbDAB774B5659cB905d4db5487F9e2057b96147F
BTC Donations: bc1qjf99wr3dz9jn9fr43q28x0r50zeyxewcq8swng
BTC Tips for Moderators: 1Pz1S3d4Aiq7QE4m3MmuoUPEvKaAYbZRoG
Powered by SMFPacks Social Login Mod