Monero, the project behind XMR, is a privacy coin that isn’t shy of controversy. Monero has always been especially susceptible to mining-related hacks and illicit cryptocurrency mining; however, the burning bug within the Monero network takes these hacks to a new level. It transpires that, as a result of the burning bug, the entire XMR network could have come crashing down in an instant.
Over the past two months, the so-called ‘Burning Bug’ has surfaced twice, calling the integrity of the Monero network into question. To understand the scale of this, we first need to explore exactly what the burning bug is.
Monero’s burning secret
The burning bug is a bug that could have allowed hackers to drain Monero XMR assets from any exchange or wallet, at a very low cost. Often, these sorts of bugs are left unresolved because the illicit draining of funds would cost the hackers so much in transaction fees – in other words, it wouldn’t be worthwhile stealing the money, because it would cost the hackers too much to do so. Now, according to The Next Web, a developer from Monero has spoken out about the bug, stating that:
“A bug in the wallet software allowed a determined attacker to cause significant damage to organizations present in the Monero ecosystem with minimal cost. A determined attacker could burn the funds of an organization’s wallet whilst merely losing network transaction fees.”
How does the bug work?
This all comes down to the fact that Monero can ‘burn’ XMR on the network, in the same way Bitcoin and Ethereum can, hence the name burning bug (burning is not in reference to the bug being on fire, I’m afraid). Burns can occur when the Monero blockchain detects transactions between identical stealth addresses: it assumes these are illegitimate and ‘burns’ one of the transactions, allowing just one ‘legitimate’ transaction to remain.
When this happens, the XMR isn’t removed; it’s simply made unusable.
It is this burning process that allows hackers to extract XMR straight off the blockchain via external wallets, such as those that may be found at cryptocurrency exchanges. According to The Next Web, the report by the Monero developers states:
“After modifying a Monero wallet to make transactions using the same stealth address as the target wallet, attackers send, say, a thousand transactions of one XMR to an exchange. Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1,000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.”
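The check the quoted report says the exchange’s wallet lacked can be sketched as follows. This is an added example, not code from Monero or The Next Web: a deposit ledger that credits at most one output per stealth address and raises an alert for every repeat. The class names, the credit-the-first-seen policy and the sample keys are assumptions, and amounts are whole XMR for simplicity.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IncomingOutput:
    txid: str             # transaction the output arrived in
    stealth_address: str  # one-time output public key, hex
    amount_xmr: int       # whole XMR (simplification)
    account: str          # exchange customer to credit


@dataclass
class DepositLedger:
    """Credits at most one output per stealth address (assumed policy)."""
    seen: dict = field(default_factory=dict)      # stealth_address -> txid credited
    balances: dict = field(default_factory=dict)  # account -> credited XMR
    alerts: list = field(default_factory=list)    # (account, txid, first_txid)

    def process(self, out: IncomingOutput) -> int:
        """Return the amount credited for this output (0 for a duplicate)."""
        first_txid = self.seen.get(out.stealth_address)
        if first_txid is not None:
            # Same stealth address seen before: only one of these outputs
            # stays usable, so crediting this one would overstate the balance.
            self.alerts.append((out.account, out.txid, first_txid))
            return 0
        self.seen[out.stealth_address] = out.txid
        self.balances[out.account] = self.balances.get(out.account, 0) + out.amount_xmr
        return out.amount_xmr


def replay_report_scenario(n: int = 1000) -> DepositLedger:
    """Constructed sample: n deposits of 1 XMR reusing one stealth address."""
    ledger = DepositLedger()
    reused = "ab" * 32  # constructed placeholder key, not a real address
    for i in range(n):
        ledger.process(IncomingOutput(f"tx{i:04d}", reused, 1, "attacker"))
    # An ordinary deposit to a different stealth address is still credited.
    ledger.process(IncomingOutput("tx-normal", "cd" * 32, 5, "customer"))
    return ledger


if __name__ == "__main__":
    led = replay_report_scenario()
    print(led.balances, len(led.alerts))
```

Replaying the report’s thousand deposits of one XMR through this ledger credits a single XMR and flags the other 999 for review instead of crediting 1,000.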
What happens now?
Well, as a result of this, Monero developers have had to create a fix, which has now been sent out to the various Monero exchanges. This was carried out in secret, in order to stop hackers taking advantage of the bug whilst the exchanges ran updates to patch the error. Thankfully, now that a fix has been rolled out, the Monero development team have confirmed that no XMR had been lost or manipulated as a result of the burning bug.
Finally, the burning bug has now been extinguished.
To close their statement, the Monero development team have issued a warning to all who indulge in cryptocurrencies:
“This event is again an effective reminder that cryptocurrency and the corresponding software are still in its infancy and thus quite prone to (critical) bugs.”
Bugs can exist in many forms. Even when a crypto project looks to be running smoothly (as Monero is), critical and devastating bugs could still exist on the network that in turn could be used to bring it down entirely. It’s simply a race between developers and hackers: who gets there first will determine the future of the project. If the hacker gets there first, the consequences are devastating. If the developers get there first, as they have in this instance, the bug is fixed and the community is left protected, with their assets secured.
We do expect more bugs like this to crop up across the industry. Just because this one has been fixed, it doesn’t mean Monero is totally resistant to these bugs going forward. Thankfully, the development team will be working hard to ensure this doesn’t happen ever again.
The Next Web