Monero Reports on Resolving Fake XMR Minting Bugs a Month After Fix – CointelegraphJuly 15, 2019
Cryptocurrency is so far on the cutting edge that it almost defines it, yet some are finding out the hard way that it’s even sharper than anticipated. The frightening reveal ofnine security bugs through HackerOne internet security platform that had affected Monero (XMR) in recent months — ranging from the insignificant and solved to the malicious and live — was a big wake-up call for blockchain enthusiasts. Five of these vulnerabilities constituted a dire DDoS risk (one of that was labeled critica)l, but eight of the bugs are now fixed, including the most severe one discovered.
The big deal with a faux XMR
On June 3, a blockchain developer on HackerOne announced the discovery of a severe exploit in Monero that had granted hackers the ability to “create” fake XMR and send them to exchanges. The report stated:
“By mining a specially crafted block that still passes daemon verification, an attacker can create a miner transaction that appears to the wallet to include sum of XMR picked by the attacker. It is our belief that this can be exploited to steal money from exchanges.”
Though the fake XMR bug is one among a list of issues with Monero — and the biggest losers are exchanges rather than traders or investors — it demonstrates that even the most private and security-centric coins can be compromised. This is nothing less than a very visible threat to the entire ecosystem. Cryptocurrency is absolutely worthless if it fails to deliver on its most foundational promise of security and transparency. With (currently) limited functionality for cryptocurrencies in comparison to fiat money, if coins concede on their primary advantage, then what’s the point? CEO of the exchange