Monero’s community wallet loses all funds after attack

A recent attack compromised Monero’s community crowdfunding wallet, causing the entire balance of 2,675.73 Monero (XMR) to disappear, worth nearly $460,000.

The incident occurred on September 1, but was only disclosed by Monero developer Luigi, who posted the details on GitHub on November 2. According to him, the source of the breach has not yet been identified.

“The CCS wallet was depleted of 2,675.73 XMR (full balance) just before midnight on September 1, 2023. The hot wallet used to pay contributors was not affected; its balance was approximately 244 XMR. So far, we have not been able to identify the source of the violation.”

Monero’s Community Crowdfunding System (CCS) funds development proposals from its members. “Such attacks are unjustified because they take away funds that contributors might have used to pay rent or buy food,” Monero developer Ricardo “Fluffypony” Spagni noted in the post.

Luigi and Spagni are the only two people with access to the wallet’s mnemonic phrase. According to Luigi’s post, the CCS wallet was set up on an Ubuntu system in 2020, alongside a Monero node.

To pay community members, Luigi uses a hot wallet that has lived on a Windows 10 Pro desktop since 2017. The hot wallet is topped up from the CCS wallet as needed. On September 1st, however, the CCS wallet was emptied in 9 transactions. Monero’s core team is calling on the general fund to cover its current liabilities.

“It is entirely possible that this is related to the ongoing attacks we have seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, various hardware and software generated seeds, Ethereum pre-sale wallets, etc.) and includes XMR that has been cleared,” Spagni noted in the post.

According to other developers, the leak may have originated from wallet keys available online on Ubuntu servers.

“If Luigi’s Windows machine had become part of an undetected botnet, and its operator had performed this attack via the SSH session details on that machine (either by stealing SSH keys, or, I wouldn’t be surprised, a real-time attack using the Trojan’s Remote Desktop Control feature while it’s active). It’s not uncommon for developers’ Windows computers to be compromised, leading to major corporate data exfiltrations,” noted pseudonymous developer Marcovelon.
