Cryptocurrency News Today: Monero security flaw could’ve seen XMR stolen from cryptocurrency exchanges
Until March, rogue Monero miners were hypothetically able to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.
“It is our belief that this can be exploited to steal money from exchanges,” said security researchers in their initial HackerOne report. They were eventually awarded 45 XMR ($4,100) for their efforts.
Five DoS attack vectors were also disclosed, with one labeled “critical” severity.
Another related specifically to CryptoNote, an application layer used by Monero to increase transactional privacy. This flaw could’ve seen bad actors take Monero nodes down by maliciously requesting large amounts of Blockchain data from the network.
Andrey Sabelnikov, who discovered the bug, told Hard Fork: “If you have quite a big Blockchain (with long history like Monero […]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks.”
“Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge m