This week, the developers of Monero (XMR) patched a bug that could allow an attacker to ‘burn’ the funds of an organization’s wallet. The breach was initially revealed by a community member, and XMR developers were quick enough to fix it before any damage was done.

Anonymity above all: How Monero works

Simply put, Monero (XMR) is a cryptocurrency like Bitcoin (BTC), but with an additional focus on anonymity. It was established in 2014, when bitcointalk.org user thankful_for_today forked the codebase of Bytecoin into the name BitMonero. To establish the new coin, he used ideas that were first outlined in a 2013 white paper called ‘Cryptonote’ that was written by an anonymous personality Nicolas van Saberhagen. Ironically, BitMonero was soon forked itself by open-source developers, and titled ‘Monero’ (which means ‘coin’ in Esperanto). It has remained to be an open-source project ever since.

XMR has considerably more privacy properties than BTC: Instead of just being a decentralized coin, Monero is designed to be fully anonymous and virtually untraceable. Thus, XMR is based on the CryptoNight proof-of-work (PoW) hash algorithm, which allows it to use ‘ring signatures’ (which mix the spender's address with a group of others, making it more difficult to trace transactions), ‘stealth addresses’ (which are generated for each transaction and make it impossible to discover the actual destination of a transaction by anyone else other than the sender and the receiver), and ‘ring confidential transactions’ (which hide the transferred amount).

In 2016, XMR experienced more growth in market capitalization and transaction volume than any other cryptocurrency (almost a 2800 percent increase, as per CoinMarketCap). A lot of that growth came from the underground economy. Being an altcoin that is tailor-made for fully private transactions, Monero eventually became accepted as a form of currency on darknet markets like Alphabay and Oasis. Specifically, after being integrated on the darknet in the summer of 2016, its value “immediately increased around sixfold,” according to Wired.

"That uptick among people who really need to be private is interesting," Riccardo Spagni, one of the Monero core developers, told the publication in January 2017. "If it’s good enough for a drug dealer, it’s good enough for everyone else."

Monero’s alleged privacy remains to be a controversial topic, as some suggest that the coin is not in fact fully anonymous. In an August interview with Bloomberg, the United States Drug Enforcement Administration (DEA) special agent Lilita Infante noted that although privacy-focused currencies are less liquid and more anonymous than BTC, the DEA “still has ways of tracking” altcoins such as Monero and Zcash. Infante concluded:

“The blockchain actually gives us a lot of tools to be able to identify people. I actually want them to keep using [cryptocurrencies].”

Interestingly, while Europol’s latest cybercrime report suggests that BTC remains the most popular cryptocurrency for criminal activities, it also predicts a rise in the demand for anonymity-focused altcoins, including Monero (XMR).

The privacy-focused nature of Monero also prevents it from being listed on some compliant crypto exchanges. For instance, in June, Japan-based Coincheck delisted XMR and three other anonymity-focused altcoins to follow Counter-Terrorist Financing (CFT) and Anti-Money Laundering (AML) procedures issued by the local financial regulator.

The burning bug: Potential threat to Monero’s ecosystem

On Sept. 18, user u/s_c_m_l described a hypothetical attack within the XMR ecosystem on the Monero official subreddit:

“I can imagine an attack where ‘A’ procures [a] large amount of XMR and [sends] it to ‘Exchange B’ in many transactions with the same stealth address. ‘A’ then exchanges that XMR for other currency and cashes out, leaving the exchange paralyzed [and] unable to use that XMR.”

Importantly, the Monero blockchain ‘burns’ XMR transactions between identical stealth addresses, seeing them as illegitimate. Instead, just one single ‘correct’ transaction could go through. Burned XMR, in turn, are fully unusable, as they cannot be replaced.

More specific details on the attack were described in a Monero blog post:

“An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g., an exchange's hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e., funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR.

“The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable/burned outputs of 1 XMR.”

Simply put, the bug basically allowed hackers to burn the funds of an organization's wallet — such as that of an exchange — while only having to pay the network transaction fees. Although they wouldn’t obtain any money from doing so, “there are probably means to indirectly benefit,” as Monero team suggested. For instance, the attackers could manipulate the market, as they would have the control over the coin supply of XMR.

Monero handled the breach calmly

The Redditor’s theory became widely discussed within the Monero subreddit, and the developers reached out with a public announcement only after fixing the issue. On Sept. 25, Monero team declared that a private patch was “promptly created and later included in the code” after discovering the potential vulnerability. After that, they reportedly notified “as many exchanges, services and merchants as possible,” explaining that the patch had to be applied on top of the v0.12.3.0 release branch.

In an accompanying blog post, Monero developers argued that this was “clearly not the preferred method” because some parts of the Monero ecosystem were still left out, but there was limited time to eliminate the bug. After that, the glitch was announced via public mailing, as it is “imperative to be subscribed to the public mailing list” for any organization that deals with Monero, developers argued.

Finally, Monero claims that the bug “did not affect the protocol and thus the coin supply was not affected,” hence no attackers were quick enough to actually exploit the bug.

XMR community stays on guard

This was not the first security concern regarding Monero within the past month. In early September, Twitter and Reddit users started to point out that the MEGA Chrome extension was compromised. The MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, as well as providing a cloud storage service.

Redditor u/gattacus posted on Monero’s official subreddit that the MEGA Chrome extension version 3.39.4 seemed conspicuous:

“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github […] There was no commit recently. To me it looks either their Google webstore account was hacked or someone inside MEGA did this. Pure speculation though.”

The application was removed from Chrome webstore after roughly four hours. Later, the MEGA team clarified that version 3.39.4 was a malicious update performed by unknown hackers with the aim of compromising users’ private information. Soon, it became clear that the attack didn’t center around Monero specifically, as the malicious code was reportedly activated on websites such as Amazon, Google, Microsoft, GitHub and MyEtherWallet along with Monero XMR web wallet services. This time, the fault wasn’t on Monero’s end.

The ‘burning bug,’ in turn, was possible due to a flaw in XMR’s code, but the developers were quick to react to the warning signal raised by the altcoin’s community.