Several security vulnerabilities have been disclosed by Monero, including one that could have been exploited to steal xmr from exchanges, reports on the breach disclosure platform HackerOne revealed on July 3.
The vulnerability theoretically enabled attackers to send counterfeit xmr to an exchange. Once the fraudster’s account was credited, they could then convert it into other coins and make a withdrawal, leaving the exchange out of pocket.
Describing the critical breach they uncovered, the lead developer for CUT coin added:
“It is our belief that the vulnerability cannot be used to "mint" real, transactable monero out of thin air.”
A bounty of 45 xmr (about $4,000) was paid to the developer for their efforts.
Most of the vulnerabilities recently disclosed to HackerOne were identified a few months ago, but they have since been resolved.