Monero Community Wallet Loses All Funds After Hack
06 Nov, 2023 ● Coin news
A recent cyberattack compromised Monero's community crowdfunding wallet, erasing its entire balance of 2,675.73 Monero (XMR), which was worth nearly $460,000.
The incident occurred on September 1 but was only revealed on GitHub on November 2 by Monero developer Luigi. He claims that the source of the breach has yet to be identified.
“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”
Members' development proposals are funded by Monero's Community Crowdfunding System (CCS).
"This attack is unconscionable, as they've taken funds that a contributor might be relying on to pay their rent or buy food," wrote Monero developer Ricardo "Fluffypony" Spagni in the thread.
Luigi and Spagni were the only ones who knew the wallet seed phrase. According to Luigi's post, the CCS wallet and a Monero node were installed on an Ubuntu system in 2020.
Luigi used a hot wallet that has been on a Windows 10 Pro desktop since 2017 to make payments to community members.
The CCS wallet was used to fund the hot wallet as needed. However, on September 1, the CCS wallet was swept in nine transactions.
The core team of Monero is requesting that the General Fund cover its current liabilities.
“It’s entirely possible that it’s related to the ongoing attacks that we’ve seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, seeds generated with all manner of hardware and software, Ethereum pre-sale wallets, etc.) and include XMR that’s been swept,” Spagni noted in the thread.
Other developers believe that the breach may have originated from the wallet keys being available online on the Ubuntu server.
“I wouldn’t be surprised if Luigi’s Windows machine was already part of some undetected botnet and its operators performed this attack via SSH session details on that machine (by either stealing the SSH key or live using trojan’s remote desktop control capability while the victim was unaware). Compromised developers’ Windows machines resulting into big corporate breaches is not something uncommon,” stated pseudonymous developer Marcovelon.
Sources:
https://cointelegraph.com/news/monero-community-wallet-loses-all-funds-after-attack
