Reports out today highlight yet another security vulnerability within Monero (XMR), a cryptocurrency designed for optimum privacy. We already know of the associations between Monero and malicious mining, but this marks another example of how XMR traders and investors have been put at risk, simply due to the makeup of the currency.
Before we continue, I will highlight that this vulnerability has since been fixed.
Reports state that hackers have been using XMR to create false transaction data, which could then be sent to exchange staff to fool them into crediting the hackers' accounts with extra XMR tokens, tokens that they do not own. The vulnerability that allowed for this existed within Monero’s Wallet, an open source wallet that allowed for the manipulation of transaction addresses. When new lines are added to the code, the amount of XMR in the transaction is multiplied, making the transaction appear to be worth a lot more than it really is.
According to The Next Web:
“Each additional line multiplied the amount of XMR shown – which made tricking support staff into approving dodgy transactions much simpler. Hackers could then call exchanges and demand the transactions be processed immediately – claiming totals way over the amount originally sent for confirmation. Another disturbing detail is that it appears the bug extends to other Monero-based coins. Indeed, the disclosure notes attackers were able to steal ARQ coins – a hard fork of Monero – from the wallet of exchange desk Altex.”
See more for yourself, here.
Hacks and thefts are problematic within privacy coins, so what’s the point in them?
The idea of a privacy coin is to allow users to maintain complete anonymity, but in turn, this allows criminals and hackers to hide behind these masks too. The risk of attack can be reduced by making the currency less private, but then you lose the unique selling point, so a solution is almost impossible to find. For Monero specifically, these vulnerabilities mean that data has the potential to be exposed, which in turn degrades the ‘privacy’ of the network. The coins aren’t so private if a hacker can manipulate your assets, right?
Therefore, surely it’s beneficial to reduce privacy in an attempt to improve security?