Monerujo Wallet User Drains Monero’s CCS Wallet: Report

  • Monero’s Community Crowdfunding System (CCS) wallet was exploited and drained on September 1.
  • Till September 1, the wallet held a total balance of 2,675.73 XMR, worth $460,000.
  • Moonstone Research identified that the exploitation was done by a Monerujo wallet user with the PocketChange feature.

In a sudden turn of events, the decentralized community-driven project Monero revealed its Community Crowdfunding System’s (CCS) wallet exploitation that occurred on September 1, 2023. As per reports, the attacker drained the wallet in nine transactions, accumulating its entire balance accounting for 2,675.73 XMR, worth $460,000.

Chinese crypto reporter Colin Wu took to his official X page, Wu Blockchain, to share insights on Monero’s CCS hack, the source of which remains a mystery. The reporter also reflected on the blockchain security firm SlowMist’s assumption that the vulnerability is a “loophole in the Monero privacy model.”

As per Monero’s revelations, until September 1, the CCS, a system funded by donations, held a total balance of 2675.73 XMR. In November, Monero developer Luigi identified that the wallet holdings had been completely stolen.

Moonstone Research traced the attacker’s transactions and concluded with the supposition that the exploiter was a Monerujo wallet user who had the PocketChange feature enabled. Monerujo is an Android non-custodial Monero wallet, offering PocketChange feature that mitigates a disadvantage of Monero by creating multiple “pockets” or “enotes”. The report further explained the notion, reflecting on Monerujo’s statement, which read,

As long as [PocketChange is] enabled, every time you use Monerujo to send moneros somewhere, it will take a bigger coin, split it in parts, and spread those smaller coins into 10 different pockets. That way, the coins won’t merge again, and you’ll be ready to spend instantly from all those pockets without waiting the dreadful 20 minutes.

With four Crescent Discovery Reports, Moonstone Research identified that the attacker had created 11 output enotes, which is unlikely for usual transactions. Reiterating their assumptions, Moonstone Research stated, “We believe this is the most likely case, regardless if the attacker was using Monerujo version 3.3.7 or 3.3.8.”

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

Comments

Post a Comment

Popular posts from this blog

Aptos to 'Unlock' $100 Million Worth of APT Token

Image
Crypto unlocking is quite a common phenomenon where entities release specific amounts of frozen tokens. This is usually done to prevent early investors and project team members from selling in large numbers. Now, Aptos tokens worth more than $100 million are set to be unlocked in mid-November. The 20 million tokens represent around 10% of the circulating supply of APT . 🚨 Unlocks Alert $ APT 🚨 🗓️ On November 12th, 2023 🔥 First team and investors unlock🔥 🌟 20m $ APT for team and investors 🔓 Approximately $129m unlocks are coming 💸 10.8% of circulating supply will be unlocked If you are a private investor, what's your move? Don't miss out!… pic.twitter.com/s6w8PgBvaU — Token Unlocks (@Token_Unlocks) September 11, 2023 Also Read: NFTs: Stoner Cats Price Up 267% Despite SEC Charges What to Expect from the APT Unlock Crypto token unlock s are usually considered bearish catalysts because they free up liquidity and open doors for investors to lock in profits.
Read more

FTX founder, Sam Bankman-fried, is guilty to all charges: crypto community reacts

In anticipation of the verdict of Sam Bankman-Fried (SBF), scheduled for March 28, 2024, the crypto community is abuzz, sharing their opinions on the trial of the disgraced founder of FTX, a defunct crypto exchange. The crypto markets fell after the verdict. However, losses were largely contained. Bitcoin (BTC), which has surged more than 100% this year following the $1.5 trillion digital asset crash in 2022, fell about 1% to $34,416 at the time of writing. You might also like: Lawyer expects around 20 years of jail time for Sam Bankman-Fried Bloomberg journalists commented on the court’s decisions, asking the question: what will happen next to crypto currency? Experts interviewed by the publication believe that the court’s decision points to the end of an era of risky and illegal practices and to a more regulated future with greater adoption of digital assets and blockchain technology. Brian Mosoff, chief executive officer of Ether Capital Corp., said the conviction
Read more

Binance Is Building For The Future Crypto User, Celebrates Over 200 Updates in 2023

For the past six years, Binance has provided users with a one-stop shop for anything crypto, providing an ecosystem of tools and information that ease the journey of a crypto user. This year has been no different, with the exchange bringing about over 200 new updates and features to the platform, including the first crypto tax assistant – Binance Tax Tool, a ChatGPT-like tool providing crypto information – Binance Sensei, and a range of wallets and payment options with Binance DeFi Wallet, Binance Pay, Binance Card and Binance Gift Card.  Nonetheless, the prominent crypto exchange also faced massive challenges earlier in the year as the US Securities and Exchanges Commission (SEC) charged the exchange for offering “unregistered securities” to US residents. The lawsuit is currently ongoing, but the exchange reached an agreement with the regulator to avoid a full asset freeze of the platform in the US and keep customer assets in the United States as the lawsuit proceeds.  The recent
Read more