Monero Wallet Vulnerability – Loss Of $1.8 Million to Livecoin Crypto Exchange

  • 89

Monero – a cryptocurrency that is supposedly synonymous with security – proved that ‘nothing is unhackable’. A researcher discovered a Monero Wallet vulnerability that could allow hackers to steal XMR from exchanges. Though the researcher highlighted this issue as a precaution, Livecoin crypto exchange verified the issue for them. In fact, it caused them a loss of $1.8 million worth of XMR.

Livecoin Crypto Exchange Suffered Loss Of XMR

According to a recent report, Livecoin crypto exchange suffered a significant loss. The exchange claimed it lost 15108 XMR worth $1.8 million. The exchange noted some inappropriate transactions on July 20, 2018, after which they confirmed the loss.

Livecoin expresses its dismay that Monero developers did not inform them about the risks or the need to limit Monero transactions. Now, they have halted XMR transactions for an indefinite time, probably until further negotiations between the exchange and Monero developers.

Monero Wallet Vulnerability (Now Fixed) Allowed Hackers To Steal XMR

A few days ago, HackerOne reported a critical bug in Monero code that could allow hackers to forge transactions by manipulating the amount shown by the wallet. Through this, they could trick Monero staff for manual XMR credits to their accounts. As mentioned in their report,

“Due to a flaw in process_new_transaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and add up the amounts. This means the final amount reported by show_transfers will be the actual amount received multiplied by the number of duplicate tx pubkeys present in the transaction extra field.

The researcher also explained where the vulnerability might fail.

“Probably does not work if the recipient expects an integrated address since someone stripping the payment id and contacting support would be unlikely, so priming the exchange to be suspicious.”

The researcher reported the vulnerability to Monero after which they fixed the bug. However, Livecoin’s loss of XMR highlights that some hackers might have already discovered the bug and exploited it. We shall wait and see.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!