Critical Monero
P2Pool Vulnerability Exploited; Miners Lose Rewards to Hackers
Monero P2Pool exploited for critical vulnerability allowing attackers to redirect up to 80-100% of block rewards from unpatched miners.
Monero mining pools faced active exploitation of a critical consensus vulnerability in P2Pool starting June 15-16, allowing attackers to redirect up to 80-100% of block rewards from unpatched miners to their own wallets. The flaw affected all P2Pool versions prior to v4.16, which was released on June 13 following a developer warning issued three days earlier.
The exploit mechanism enabled attackers to take a single share found by a miner, replicate it thousands of times with fraudulent copies, and flood the payout window to siphon the majority of mining rewards. The vulnerability impacted P2Pool's Mini and Nano chains first before spreading to the Main chain. Miners operating unpatched nodes essentially had their hashrate redirected toward the attacker's wallet, though XMR already received and stored in wallets remained secure from the attack vector.