Another Headache for Monero as Faulty Wallets Dupe Leads to Hack
Questions over whether it’s a good time to buy Monero (XMR) or not have been raised after a series of glitches have been discovered. According to a recent report on The Next Web, the privacy-centric cryptocurrency has a number of security flaws that have only been uncovered following a recent hack. Although the vulnerabilities have been described as minor, creative criminals were able to penetrate the cracks and, essentially, forge their own Monero.
Tracking the source of the problem, a post on HackerOne pointed out that flaw in the transaction process allowed cybercriminals to dupe exchanges into sending incorrect amounts.
“Due to a flaw in process_new_transaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and add up the amounts. This means the final amount reported by show_transfers will be the actual amount received multiplied by the number of duplicate tx pubkeys present in the transaction extra field,” reads a June 12 post on HackerOne.
All It Takes is a Line of Code and Some Social Engineering
In simple terms, the hackers were able to use the weak code to manipulate the amount of XMR shown in a wallet. From here, the hackers initiated transactions for more tokens than they had in their wallets. Finally, they called exchanges and demanded the transactions were processed immediately. With the support staff conned by the inflated wallet balances, they authorized the fraudulent payments. It’s not known how many tokens were siphoned off from exchanges, but a patch has now resolved the issue.
However, this isn’t the only problem for those considering whether they should buy Monero. As part of the bug finding program on HackerOne, tech experts have identified six additional security flaws. The news comes just a few weeks after a WordPress hack saw 190,000 sites hijacked in order to illegally mine Monero. While security flaws are common inside and outside of the crypto space, their impact is much more significant for companies like Monero. Being a new technology that people are still trying to figure out means that any incident is magnified.
On August 1, SpiderLabs announced that 10,000+ unpatched routers in Brazil were turned into mining outlets. More than four months after a patch for MikroTik routers was released, the CoinHive mining script was discovered on thousands of Brazilian computers. Although the blame lies at the feet of those that haven’t installed the security patch, Monero has found itself linked to another negative headline.
Security Slump Suggests Now is the Time to Buy Monero
While it’s untrue to say that Monero’s reputation has taken a beating over the last six months, the security issues haven’t helped its value either. According to the latest XMR price reports, the number of people who want to buy Monero is down. Even with the new zk-SNARK anonymity protocol passing a recent security audit, the Monero price charts have remained bearish. Tacking the value in US dollars, the price has dropped from $144 in mid-July to less than $120 at the start of August. Although other cryptocurrencies have experienced bigger drops, the security problems aren’t helping matters.
What’s potentially more damaging for Monero is that the incidents have threatened to overshadow the positive work its development team are doing. The zk-SNARK protocol could prove to be a huge step forward for the network and its drive for truly uncrackable, truly anonymous transactions. Change.org has also chosen Monero as a funding system for its relief efforts in Brazil. For those looking to buy Monero, the silver lining is that steps are being taken to address these problems. In reality, every online system has weaknesses. Back in April, Verge (XVG) was subject to a hack and there are many more stories of cryptos falling victim to hackers.
If Monero continues its proactive attitude to fixing security concerns, the project will thrive. Investors are always looking to buy commodities in a slump as they offer the greatest potential for a return. As a cryptocurrency, XMR still has a lot of positives by virtue of its dedication to anonymity. If it can rally through this difficult patch and not let hacks affect its core mission, Monero is likely to become an enduring part of the industry. Based on that, many may now see the recent dip as a reason to buy Monero in anticipation of it patching up its problems and regaining some bullish momentum.