Monero's community wallet loses $460,000 due to privacy model loophole

Monero’s Community Crowdfunding System (CCS) wallet, funded by donations, lost all its funds, developer Luigi confirmed in November. The loss, amounting to 2,675.73 XMR or approximately $460,000, was initially reported on September 1, 2023, by Colin Wu on Wu Blockchain. The incident involved nine transactions that exploited a potential vulnerability in the privacy model of the wallet.

Moonstone Research traced the attack back to a user of the Monerujo Android non-custodial Monero wallet. The user utilized the PocketChange feature to split a larger coin into multiple pockets for immediate spending without the standard 20-minute delay. This process resulted in the creation of 11 output enotes, an anomaly that suggested the use of either version 3.3.7 or 3.3.8 of Monerujo.

The hypothesis of a privacy model loophole as the potential vulnerability was proposed by SlowMist and referenced by Wu Blockchain in their initial report. This was further substantiated by Moonstone’s analysis of four Crescent Discovery Reports and Monerujo’s statement about the feature ensuring coins won’t merge again.

The loss of funds from the CCS wallet marks a significant setback for Monero and raises concerns about potential vulnerabilities in other cryptocurrency wallets. As investigations continue into this incident, it underscores the importance of robust security measures within digital currency systems.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.

