The bugs in the Monero code were not discovered until March this year, reports Hard Fork.
One of the bugs that the dev team has recently made public enabled dirty players to steal XMR from crypto currency exchanges by making ‘specifically-crafted’ blocks to get Monero wallets to take fake deposits in exchange for any XMR amount.
The bugs threatened private DLT data to be stolen from Monero
The HackerOne report confirms that these bugs allowed stealing XMR from exchanges and other online wallets. Several other of the disclosed bugs allowed conducting a DoS attack.
Some of the other bugs were targeted at CryptoNote – a software layer that helps Monero ensure higher level of privacy for its users. These vulnerabilities could have let culprits put out Monero nodes by demanding big amounts of DLT data from the platform.
A developer Andrey Sabelnikov pointed out that other crypto platforms that use CryptoNote are also vulnerable to that sort of attacks.
Apart from that, Monero devs found that the network’s software was leaking big amounts of ‘uninitiated’ memory, containing private data, to untrusted peers of the network.
Nascent crypto software is bound to be vulnerable to attacks
The developers warn that most of those flaws detected in the Monero code had been labelled as ‘proof of concepts’.
Since the crypto industry, especially privacy-focused coins are only beginning to appear on a large scale, bugs that make coins to be stolen by hackers from wallets will emerge from time to time.
Arman Shirinyan
Godfrey Benjamin
