According to a recent official announcement by the developers of Monero team Project, this bug was reportedly discovered when a community member reported a web attack on the XMR subreddit. The bug supposedly effect merchants and organizations within the XMR pace, enabling an offender to trigger vital damage. The web post additionally describes how this bug would be exploited:
“An offender initially generates a random non-public transactional key. Thereafter, they modify the code to simply use this specific non-public transactional key, that ensures multiple transactions to an equivalent public address (e.g. an exchange’s hot wallet) are sent to same stealing address. Later, they send, say, a 1000 transactions of one XMR to an exchange. As a result of the exchange’s wallet doesn’t warn for this specific abnormality (i.e. funds being received on the same stealing address), the exchange can, as usual, credit the attacker with one thousand XMR.”
While Monero notes that the offender wouldn’t be able to directly accrue financial gains with such an attack, “there are probably means to indirectly profits.”
Following the attack, the offender sells the XMR for Bitcoin [BTC] and withdraws the BTC. As a results of the attack, the exchange is left with 999 unspendable or “burnt” outputs of one XMR.
Notably, the bug has not affected the protocol neither its supply. Monero developers later created and enclosed a patch within the code, that was proclaimed via XMR’s official Twitter account:
XMR, that claims to be a non-public and untraceable cryptocurrency, was the target of fallacious activities within the crypto pace antecedently. Earlier this month, the MEGA Chrome extension was compromised, that allowed cybercriminals to steal users’ Monero additionally along with personal information.
Earlier in June, a report revealed by security company Palo Networks found that around five percent of all XMR in circulation at the time was mined maliciously. XMR reportedly has an excellent monopoly on the cryptocurrencies targeted by malware, with a complete of $175 Mln mined maliciously.
Monero is presently the tenth largest digital currency, with a capitalisation of nearly $1.92 Bln with a circulating supply of over 16.43 Mln. At reporting time, XMR is trading at a price of around $113.58 USD.