Altcoins
An old Monero bug resurfaces to cause commotion in the market
Posted:
| Last updated: July 8th, 2019
When it comes to privacy coins in the cryptocurrency market, Monero is the first coin that usually pops up in everyone’s mind. The coin has become the go-to cryptocurrency for anyone seeking for financial privacy. Interestingly, the coin has made a grandeur entry in the headlines of all the major crypto-news portals as an old bug was only recently unsurfaced.
This old bug that was disclosed months ago managed to gain traction from not only the Monero community but also the other cryptocurrency communities. Nevertheless, the developers and connoisseurs of the community were quick to jump to its defense.
A vulnerability coordinator platform, HakerOne released not one but multiple bugs discovered in Monero. The bug that grabbed the attention of the community was that one that could have allowed an attacker to steal Monero from exchanges the coin has been enlisted in. This bug was, however, discovered and patched, and belatedly picked by the mainstream media this month, causing an unnecessary commotion. This entire controversy even saw the price of the privacy coin take a dip in the market, which was later followed by a correction.
The report stated,
“By mining a specially crafted block, that still passes daemon verification an attacker can create a miner transaction that appears to the wallet to include sum of XMR picked by the attacker. It is our belief that this can be exploited to steal money from exchanges.”
The Monero community including Riccardo Spagni was quick to clear the misconception, who stated that “months old bugs are not interesting” on Twitter. Spagni also linked an old Tweet that had the links to the disclosure and suggested that news media portals could have written multiple articles on the bug months ago, if only they had subscribed to Monero’s mailing list.
Monero Twitter page stated,
“We actually publicly disclosed the bug four months ago already on the mailing list and provided a patch. The patch is included in v0.14, which all exchanges and services run. Thus, they are protected from this bug. The vulnerability report on HackerOne was made available to the public a few days ago and as a result media is rehashing old news.”
