Monero bug could have allowed hackers to steal massive amounts of cryptocurrency

Bug was discovered after a user posted a theoretical question on Reddit.

The developers of the Monero anonymous cryptocurrency have rolled out a patch today that addresses a bug that could have been used by hackers to obtain funds from exchanges illegally.

Described by the Monero team as a "burning" bug, the issue is in how Monero exchange platforms handle incoming transactions.

The issue came to light after a user posted a theoretical question on the Monero subreddit. The user asked what would happen if someone would send multiple transactions to a stealth address.

For ZDNet readers that are unfamiliar with the term of a stealth address, this is a concept in the world of cryptocurrencies.

A sender can instruct a recipient to create a one-time usable stealth address. The sender can send money to the stealth address, and the stealth address relays the funds to the intended recipient's real address. In Monero and other cryptocurrencies, stealth addresses are used as payment proxies, helping users gain an extra layer of privacy and anonymity.

Also: Bitcoin Gold delisted from major cryptocurrency exchange after refusing to pay hack damages

In their effort of trying to answer the Reddit user's theoretical question, the Monero devs realized that there was an inherent flaw in the Monero code that handles stealth addresses.

An attacker could tell a cryptocurrency exchange to create one stealth addresses and send 1 Monero coin (XMR) 1,000 times over, for which it should receive an equivalent value in another cryptocurrency --Bitcoin, in this example-- as part of the exchange process.

Monero devs realized that in situations like these, the exchange, running on the faulty Monero network code, would reply to all the 1,000 transactions with Bitcoin, but would later validate only the first, and invalidate the rest of the received funds, as the stealth address would have expired.

Attackers would basically be sending 1 Monero to the exchange, but receive Bitcoin for all 1,000 transactions. [The number 1,000 was used as an example. An attacker could have repeated this process many times over, stealing massive amounts of funds from exchanges.]

TechRepublic: Bitcoin: A cheat sheet for professionals

This bug, if an attacker would have discovered it, could have allowed hackers to steal massive amounts of cryptocurrency from exchanges within seconds.

This dangerous bug was fixed earlier today with the release of v0.12.3.0 of the Monero code.

"The bug basically entails the wallet not providing a warning when it receives a burnt output," said Monero developers in a bug post-mortem today.

But the Monero devs were not the only ones who had to scramble to fix a serious security issue. Last week, the Bitcoin team fixed a similarly dangerous bug that would have allowed attackers to crash Bitcoin nodes and perform 51% attacks on the entire network to approve invalid transactions and steal funds from legitimate owners.

Related stories: