Monero’s Community Crowdfunding Wallet Compromised, Losing $460,000 Worth of XMR
Monero’s community crowdfunding wallet was hacked, resulting in the loss of its entire balance of 2,675.73 Monero (XMR), valued at nearly $460,000.
Attack Occurred in September, Disclosed in November
The attack took place on September 1 but was only disclosed on GitHub on November 2 by Monero developer Luigi. The source of the breach has not yet been identified.
“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”
Impact on Monero’s Community Crowdfunding System
Monero’s Community Crowdfunding System (CCS) provides funds for development proposals from its members. The attack has had significant consequences for contributors who may have relied on these funds for essential expenses such as rent or food.
Limited Access to Wallet Seed Phrase
Luigi and Monero developer Ricardo “Fluffypony” Spagni were the only two individuals with access to the wallet seed phrase. According to Luigi, the CCS wallet was set up on an Ubuntu system in 2020 alongside a Monero node.
Mechanics of the Attack
To make payments to community members, Luigi used a hot wallet that had been stored on a Windows 10 Pro desktop since 2017. The hot wallet was funded by the CCS wallet as needed. On September 1, the CCS wallet was emptied in nine transactions. Monero’s core team is now calling for the General Fund to cover its current liabilities.
Possible Connection to Ongoing Attacks
Spagni speculated that the breach might be linked to a series of attacks occurring since April, which involved compromised keys, including Bitcoin wallet.dats and Ethereum pre-sale wallets. Other developers believe that the attack could have originated from the wallet keys being available online on the Ubuntu server.
Security Risks of Compromised Windows Machines
A pseudonymous developer named Marcovelon suggested that Luigi’s Windows machine may have already been part of an undetected botnet, allowing the attackers to gain access through SSH session details or remote desktop control capabilities. This type of compromise is not uncommon and has led to significant breaches in corporate environments.
Hot Take: Security Breach Highlights the Importance of Robust Measures
This incident underscores the critical need for robust security measures when handling cryptocurrency wallets. It serves as a reminder that even with limited access to wallet seed phrases, vulnerabilities can still exist. To protect your digital assets, it is crucial to regularly update security protocols, use trusted hardware and software solutions, and remain vigilant against potential threats.