- The Burning Bug made XMR in a Monero account unspendable
- An attacker would have been able to burn the funds in any organization’s wallet quite easily
- Burning Bug present no direct monetary gains to attackers but there may be indirect benefits
The ‘Burning Bug’, a Monero (XMR) vulnerability that makes it possible for bad actors to completely burn out tokens in the wallets of merchants, crypto exchanges and ordinary users, by simply sending multiple transactions to a particular stealth address, has now been fixed by the Monero community, according to an announcement by Monero developers
The Burning Bug Monero (XMR) Hole Fixed
Per the blog post by developers, the bug would have made it possible for a determined attacker to make the coins in a Monero wallet spendable only once, after which the remaining funds will become unspendable by the owner of the account.
The post explained that while the situation could cause significant damage to the owner of the wallet, the loophole made it quite easy for such an attack to be carried out by a rogue actor, as it would only cost him a small transaction fee.
How Hackers Exploit the Burning Bug
According to the post, for an enemy to exploit the bug and carry out an attack, they would first create a random private transaction key and alter the code to ensure it’s only the random private key that’s used in executing the transaction. This way, multiple transactions will be sent to a single stealth address.
Then the attacker simply sends multiple transactions to the address. In the case of exchanges, the attacker could then expect to have their account credited with all the tokens they sent, allowing them to trade for a different currency and quickly withdraw.
The exchange however would be unable to touch the tokens from all but one of the many transactions. Effectively, this would have allowed an attacker to destroy money for the exchange.
Monero developers quickly took to their official Twitter handle to notify users that the bug has now been successfully patched.
At the time of writing, the price of XMR sits at $116, with a market cap of $1.92 billion, making XMR the tenth largest project in crypto – for now.
