The developers of open-source cryptocurrency Monero (XMR) have patched a bug that could allow an attacker to “burn” the funds of an organization’s wallet while only losing network transaction fees, according to an announcement published September 25.
The bug was reportedly discovered after a community member described a hypothetical attack on the XMR subreddit. The bug could purportedly affect merchants and organizations in the XMR ecosystem, enabling an attacker to trigger significant damage. The blog post further describes how the bug would be exploited:
While Monero notes that the attacker would not be able to directly accrue monetary gains with such an attack, “there are probably means to indirectly benefit.”
Following the attack, the hacker sells the XMR for Bitcoin (BTC) and then withdraws the BTC. As a result of the attack, the exchange is left with 999 unspendable or “burnt” outputs of 1 XMR.
Notably, the bug has not affected the protocol or the coin supply. XMR developers subsequently created and included a patch in the code, which was announced via XMR’s official Twitter account:
Readmore:
https://cointelegraph.com/news/monero-developers-have-patched-the-burning-bug
