Monero builders uncover 9 XMR bugs that would have allowed XMR to be stolen from exchanges

Yuri Molchan

“Developers of the anonymous Monero coin have made almost a dozen security holes public, one of them was able to allow the theft of XMR from crypto exchanges”


  • The bugs threatened to steal Monero’s private DLT data
  • Nascent crypto software is vulnerable to attack

The bugs in the Monero code weren’t discovered until March of this year, reports Hard Fork.

One of the bugs recently released by the development team allowed dirty gamers to steal XMR from cryptocurrency exchanges by creating purpose-built blocks to trick Monero wallets into making fake deposits for any amount of XMR.

The bugs threatened to steal Monero’s private DLT data

The HackerOne report confirms that these flaws made it possible to steal XMR from exchanges and other online wallets. Several other of the defects disclosed allowed a DoS attack to be carried out.

Some of the other bugs concerned CryptoNote – a layer of software that Monero uses to ensure a higher level of privacy for its users. These vulnerabilities could have resulted in culprits deleting Monero nodes by soliciting large amounts of DLT data from the platform.

A developer, Andrey Sabelnikov, pointed out that other crypto platforms using CryptoNote are also vulnerable to this type of attack.

That said, Monero’s developers found that the network’s software was releasing large amounts of “uninitiated” storage containing private data to untrustworthy colleagues on the network.

Nascent crypto software is vulnerable to attack

The developers warn that most of the bugs found in the Monero code have been flagged as “proof of concepts”.

With the crypto industry, privacy-centric coins in particular, only emerging on a massive scale, errors occur from time to time that result in hackers stealing coins from wallets.

Comments are closed.