Developers Unveil Massive Monero Bug
Revealed on July 3rd by developers on HackerOne, Monero (XMR) was recently subject to a number of security vulnerabilities. One bug in question would have given attackers the ability to “create” XMR that didn’t really exist on the blockchain.
If used correctly, this exploit would have allowed the hacker to credit his own exchange accounts with XMR, trade said credit for “actual” cryptocurrency, then withdraw the asset, be it Bitcoin, Ethereum, or otherwise, from the victimized exchange. The developer that discovered this bug has been paid around $4,000 worth of XMR for the discovery of the potential exploit.
Interestingly, this glitch is very similar to one disclosed last year, which actually affected an exchange listing crypto assets based on Monero’s code. As reported by Ethereum World News previously, a lesser-known exchange named Altex revealed that “every CryptoNote-based coin” it had listed was under pressure from the attack and the bug.
The bug seemingly allowed users to manipulate the amount of cryptocurrency shown by certain XMR wallets, with each new line of copied code multiplying the Monero amount displayed.
While this bug doesn’t facilitate the materialization of XMR out of thin air, attackers could use this as a medium of attack against a cryptocurrency exchange. More specifically, malicious users could trick exchange support staff teams into crediting their account with Monero that doesn’t exist, with one coder noting that users could bluff a value of up to 8,000 times over their original transaction amount.
In spite of these constant bugs, XMR has been subject to a nice pump, caused by who knows what. In fact, according to Coin Market Cap, the popular privacy-centric altcoin is up around 9% in the past 24 hours, finding itself sitting at $96.5 — just shy of the $100 psychological price point.
This strong swing upside makes even less sense when you look at Bitcoin’s performance. Bitcoin, which has easily outperformed altcoins over the past few weeks, is up a mere 2% in the past 24 hours, making XMR’s move that much more notable.
Competitor ZCash Has Ambitions
This disclosure comes hot on the heels of news that the Electric Coin Company, the organization behind much of Monero rival ZCash’s development, has lofty ambitions.
Speaking at the Croatian event, Electric Coin Company executives and employees unveiled plans to involve “sharding” in its chain. For those unaware, sharding is a mechanism which splits information in a database across different servers. This, in the context of cryptocurrency, could allow for different groups of nodes in a blockchain to process different requests, allowing for a potentially dramatic increase in transaction times and data throughput.
Photo by Jantine Doornbos on Unsplash