Table of Contents
The Monero community wallet was hit by a major exploit, resulting in the loss of its entire balance of 2,675.73 Monero (XMR), worth almost $460,000. The cause and source of the exploit are currently unidentified.
The attacker reset the balance of the community wallet in nine separate transactions.
Late Disclosure By Monero
According to reports, the hack in question took place on the 1st of September. However, it was disclosed on GitHub after two months, on the 2nd of November, 2023, by Monero developer Luigi, who stated that the community wallet had been completely emptied. The developer also stated that the source of the breach was yet to be identified.
“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on the 1st of September, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”
However, cybersecurity firm SlowMist stated that it was unlikely the hack was a result of a loophole in the Monero privacy model. Moonstone Research was investigating how the attacker moved the stolen funds. Their analysis revealed some interesting results, and they were able to trace three of the hacker’s transfers.
Monero’s Community Crowdfunding system funds development proposals from members. Monero developer Ricardo’ Fluffypony’ Spagni, the only other individual with access to the wallet seed phrase, noted,
“This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food.”
According to Luigi, the CSS wallet was set up on an Ubuntu system in 2020, along with a Monero node.
Details Of The Hack
Luigi used a hot wallet to make payments to community members. This wallet has been on a Windows 10 Pro desktop since 2017. The hot wallet was funded by the CSS wallet as and when needed. However, on the 1st of September, the CSS wallet was wiped clean in nine transactions. Following the incident, the Monero core team is calling for the General Fund to cover current liabilities. Spagni noted in the GitHub thread,
“It’s entirely possible that it’s related to the ongoing attacks that we’ve seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, seeds generated with all manner of hardware and software, Ethereum pre-sale wallets, etc.) and include XMR that’s been swept.”
Other developers have speculated that the breach could have occurred due to the wallet keys being available online on the Ubuntu server. Pseudo-anonymous developer Marcovelon noted,
“I wouldn’t be surprised if Luigi’s Windows machine was already part of some undetected botnet and its operators performed this attack via SSH session details on that machine (by either stealing the SSH key or live using trojan’s remote desktop control capability while the victim was unaware). Compromised developers’ Windows machines resulting into big corporate breaches is not something uncommon.”
Monero Price Analysis
Monero is currently trading at the $166 mark. The token has registered an increase of 0.6% over the past 24 hours and 5.59% over the past week. However, the price has registered a drop, falling from the $170.80 mark to its current level of $166. According to Changelly, Monero’s price forecast indicates that its value could increase by 4.64% and push above the $170 mark. However, the impact of the news of the hack remains to be seen, and we could see Monero drop in the short term. Technical indicators suggest a 58% bullish neutral market sentiment, while the Fear & Greed Index is at a score of 68, indicating greed.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.