Cole Petersen · 3 hours ago · 2 min read · Insights via Band Protocol
In a post-mortem report released on their website on Tuesday, the developers of Monero say they were able to patch a potentially serious bug that would’ve allowed malicious users to ‘burn’ cryptocurrency exchange deposits.
A Post Mortem of The Burning Bug: https://t.co/Iqii03G3DJ
— Monero || #xmr (@monero) September 25, 2018
This burning would be achieved by users flooding the same stealth address with multiple payments, effectively rendering the funds in the account unusable, because after the initial request all other requests would be rejected as suspicious. The only thing the malicious user would lose is transaction fees paid to whatever exchange the wallet they’re attacking is a part of.
Breaking down the bug
The report explains the bug as follows:
“The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization’s wallet whilst merely losing network transaction fees.”
Because of the way a key image is generated when sending Monero, multiple requests would result in multiple, identical key images, causing every subsequent transaction to be rejected. An attacker would do this by modifying the code to send the same private key every time, generating the duplicate public keys and causing the system to reject the transactions after the first.
The burnt stealth address the requests are being sent to would only be usable once, rendering everything else as good as gone.
This is how Monero breaks it down in detail:
“An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange’s hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.”
How they found it
The bug was, according to Monero’s report, discovered by a community member’s hypothetical description of this attack on the Monero subreddit.
Once the Monero dev team saw the danger in this bug and that it could actually be exploited, they issued a patch and notified as many merchants, exchanges, and services using Monero as they could so they could install it. The developers also informed everyone on their public mailing list of the danger and patch.
Monero says that while some damage was done, the bug has not affected the protocol or the coin supply. They ended their post-mortem with a word of caution: that cryptocurrency technology is still vulnerable to critical bugs, and that everyone in the community should do their best to stay informed.