Hard blow for Monero – Launched in April 2014, Monero is one of the oldest cryptocurrencies still active today. This specializes in protecting the privacy of its users by offering anonymized transactions. Unfortunately, the project’s community wallet was recently the victim of a hack.
$450,000 stolen from the Monero community
On November 2, Luigi111one of the active developers on the Monero protocol announced that nearly half a million dollars had been stolen.
In practice, it seems that this is the Monero community crowdfunding wallet that was targeted by the attack. As a reminder, the Community Crowdfunding System (CCS) of Monero is a crowdfunding program. This makes it possible to finance development proposals emanating from the community. This system was designed to remain consistent with the principles of decentralization and autonomy of the Monero project, which does not have formal governance structures.
In total, the hacker stole 2,675 XMR on September 1the equivalent of $448,000 in the CCS cold wallet.
As specified by Luigi111, this financing program is made up of two wallets. On the one hand, a cold wallet holds all donations from the community. On the other, a hot wallet which allows payments to be made to initiatives approved by the CCS.
Thus, the attack targeted the cold wallet, which was completely siphoned off. For its part, the hot wallet still has 244 XMR. Note that the active development fund, a second fund to finance the development of Monero was not impacted. The attack only targeted the fund dedicated to community initiatives.
>> Safety is the basis! To keep your cryptos close to you, trust Ledger (commercial link) <<
The mystery remains
Unfortunately, the operating mode employed by the hacker remains unknown. Indeed, Luigi111 revealed that he had not been able to determine the source of the breach.
One thing is certain: the attacker was able to access the seed phrase of the siphoned wallet. The question is how.
Indeed, the wallet was initially created by the developer fluffypony, who shared the seed phrase with Luigi111 via a seemingly secure method. Subsequently, Luigi111 was responsible for interacting with the different wallets in order to transfer funds from the cold to the hot wallet to make payments.
The different tracks
Several avenues were considered. On the one hand, Luigi111 fed the hot wallet thanks to the CCS wallet which he accessed via SSH. In fact, this one was hosted on an Ubuntu server, located at Luigi111’s home. A point which suggests that it is at this level that the hacker managed to recover the private keys.
Other Internet users consider it to be possible that the Windows computer used to access the Ubuntu server via SSH could have been compromised.
“I wouldn’t be surprised if Luigi’s Windows machine was already part of an undetected botnet and its operators carried out this attack via the SSH session details on that machine (either by stealing the SSH key or using live remote control capability of the Trojan’s office while the victim was unaware). It is not uncommon for compromised developer Windows machines to cause significant breaches in businesses. »
Finally, it is impossible not to consider the path of rugpull. In fact, only fluffypony and Luigi had access to this wallet. However, this situation seems unlikely for the Internet user MoneroTimewhich enlightened us on the situation.
According to him, none of these long-time developers would have no interest in perpetuating this theft. On the one hand, because they are probably already financially comfortable. On the other, because they would have no trouble obtaining funding legitimately through Monero’s funding program if necessary. Either way, the mystery remains for now.
Unfortunately, this hack adds to the toll for the year 2023. So far, more than a billion dollars have been stolen in cryptocurrencies this year.
When it comes to crypto, don’t throw caution to the wind! So, to keep your cryptographic assets safe, the best solution is still a personal hardware wallet. At Ledger, there is something for all profiles and all cryptos. Don’t wait to put your capital in safety (commercial link)!