A bounty hunter has announced that he discovered vulnerabilities that would allow hackers steal funds from exchanges. Jason Rhineland classified the risk as 9 on a scale of 0 to 10, implying a serious security threat. He also explained that hackers may already be working on exploiting the situation to cause havoc on exchanges.
Rhineland is an economist with interest in researching agent-based modeling for economic phenomenon. The PhD candidate at Queens University in Canada stated concerning the business logic error he discovered in Monero:
“PR #3985 fixed a wallet balance display bug, which seems innocuous enough, but this bug also extends to exchanges: a transfer of, e.g., 1 XMR to an exchange with a duplicated TX pub key will show up on an exchange as a 2 XMR deposit, which then allows the attacker to withdraw 2 XMR from the exchange’s wallet. An attacker could exploit this repeatedly to siphon of all of the exchange’s balance.”
The bug could be exploited by cybercriminals to initiate fake transactions that support staff of exchanges would be compelled to manually fulfill because they would seem very legitimate. The same vulnerability has been discovered in coins based on Monero as exemplified by the hack of ARQ, a Monero-based coin from the exchange, Altex.
The company was forced to suspend trading operations due to the issue after making a post on its website which stated,
“That bug caused a big loss in coins for the exchange and we have put our main currency under maintenance so the people who exploited the bug can no longer withdraw. After a really long investigation, we found out that we still lost a big amount. This was caused by the coins software, it was not a bug in our system.”
Hacker One Bug Bounty also discovered five other bugs in the Monero code, all of which have been fixed. Among the discovered vulnerabilities is a Denial of Service attack that could cause congestion to the Monero network.
By Friday, August 3, the coin was trading under pressure having lost 4.6 percent. The present value of $116.66 indicates that the bears are speeding up sales. This is despite the fact that Monero had seemed unbending to the volatility of the market for some time having exhibited prolonged stability for weeks.
It has reportedly found a support at $110 with the possibility of a breakout that could create a lower support at 106.40 which is close to its lowest level this year.