Hackers Exploits Monero’s Community Wallet Draining All Funds

In a recent update, Monero Network confirmed suffering from a malicious attack that resulted in the loss of substantial assets. The shocking news was brought to light by GitHub on November 2, describing the grim details of the attack.

In a side chat meeting with GitHub Monero’s developer, Luigi revealed that a hacking incident occurred on September 1 after the bad players compromised the crowdfunding wallet owned by the Monero community.

Monero Network Suffers a $460,000 Wallet Exploit

Initially, the Monero Community Crowdfunding System (CCS) was launched to support the members in funding their projects. The developer regretted that the September 1 incident paralyzed the operations of the CCS since the hackers drained all the assets from the community wallet.

According to the report, the bad players escaped with assets worth around 2,675.73 Monero (XMR), which translates to around $460,000 at the current market price.

The developer lamented that the hacking incident shuttered the far-reaching dream of the Monero community. Even though the attack had minimal impact on the Monero community hot wallet, the developers regretted efforts to support members in their initiative were shuttered.

Last month, Luigi confirmed that the Monero team, in collaboration with security experts, has been probing the matter to identify the vulnerabilities in the system. Even though the efforts to identify the source of the exploit have not been actualized, Luigi confessed that the Monero community is conducting a thorough investigation to convict the hackers.

In the meantime, Luigi leads the Monero core team in requesting general funding to cover the liabilities.

Importance of Monero Community Crowdfunding

In an X post, Ricardo “Fluffypony” Spagni, a developer at Monero, highly condemned the hacker’s unlawful activity. Spagni described the attack as unconscionable since it drained the funds that Monero community had been relying on to settle their bills. Hours before the midnight of September 1, nine susceptible transactions were conducted in the CCS wallet.

These transactions emptied all the assets on the CCS wallet, leaving the Monero community in financial woes. After analyzing the incident, Spagni noted the recent exploit corresponds to a previous attack where the bad players compromised the private keys to steal XMR tokens.

In support of this, Luigi argued that the attackers compromised the wallet keys available on the Ubuntu server. He suspected that some undetected botnet had compromised his Windows machine.

Monero Investigating Source of the Exploit

The developers argued that due to the complexity of the attack, maybe the hackers stole the SSH key on his Windows operator. Alternatively, Luigi thought the attackers infected his Windows machine with a trojan with remote control capability.

In the X thread, Marcovelon, a pseudonymous developer, argued that it was common for a developer’s Windows machines to be compromised. The developer stated that despite the security measures, the hacker compromised the CCS.

At the initial launching of the CCS, Spangni and Luigi were the only developers granted permission to access the wallet seed phrase. The team behind the CCS positioned the wallet on the Ubuntu system to support the Monero node.

The CCS wallet has undergone continuous development to meet the ever-changing needs of the Monero contributors. Before the 2020 CCS upgrade, the members received funds from a hot wallet centered on the Windows 10 Pro Desktop. This hot wallet has been used for making payments to community members through the support of  CCS wallet.

All trademarks, logos, and images displayed on this site belong to their respective owners and have been utilized under the Fair Use Act. The materials on this site should not be interpreted as financial advice. When we incorporate content from other sites, we ensure each author receives proper attribution by providing a link to the original content. This site might maintain financial affiliations with a selection of the brands and firms mentioned herein. As a result, we may receive compensation if our readers opt to click on these links within our content and subsequently register for the products or services on offer. However, we neither represent nor endorse these services, brands, or companies. Therefore, any disputes that may arise with the mentioned brands or companies need to be directly addressed with the respective parties involved. We urge our readers to exercise their own judgement when clicking on links within our content and ultimately signing up for any products or services. The responsibility lies solely with them. Please read our full disclaimer and terms of use policy here.

Leave a Reply

Your email address will not be published. Required fields are marked *