
How Monero has become the latest victim of exploit

Out of nine transfers made by Monero’s attacker, three have been reliably traced. However, the missing funds have not yet been recovered.


  • The hacker carted away XMR worth about $453 million.
  • The outcome of the probe showed that the attacker used a non-custodial wallet for the transactions.

Unknown to many, the Monero [XMR] network experienced a severe attack on 1 September. However, the details of the exploit were only made public by blockchain investigation firm Moonstone Research on 3 November. 




This was after an investigation was carried out to find the perpetrators.

Attackers pass through the corners

According to the report, the hacker(s) carted away 2675.73 XMR belonging to the Monero Community Crowdfunding System (CCS). The project initiated the CCS as a means for its members to get funded for approved proposals.

At the press-time price, AMBCrypto’s currency converter showed that the XMR moved was worth $453,616. Meanwhile, Moonstone, in its report, noted that it was able to observe nine transactions of the attacker.

Source: Moonstone Research

It, however, noted that it was only able to reliably trace three out of the nine transfers. Investigations using the Crescent Discovery report revealed that the attacker ensured that there were a number of enotes involved in the movement. 

A Crescent Discovery report is a way to find out where actors spend the proceeds of illicit funds. This is done by tracing difficult transaction graphs either forward or backward. Also, the hacker obviously used the enotes approach so that the transactions would become difficult to track.

For context, an enote is a crypto hardware solution to connect off-chain and on-chain transactions together. While Moonstone admitted that it found it difficult to trace the transactions, it eventually made headway with one, saying:

“This transaction uses seventeen input enotes and creates eleven output enotes. We observe the following nine poisoned enotes in the transaction’s rings, each from unique origin transactions.”

XMR unaffected as the search continues

Meanwhile, revealing the specifics of the exploit hasn’t exactly affected XMR’s price action. Like the rest of the market, the privacy coin was in the green, rising to $169 in the process.

Although Santiment data showed that the volume decreased in the last 24 hours, it did not look like it was because of the development explained above.

Source: Santiment

Regarding the hardware solution used in the hack, Moonstone noted that it was likely a Monerujo. Monerujo is a noncustodial Monero wallet with a “PocketChange” feature. This feature helps to create multiple enotes which it seemed the hacker took advantage of.

In concluding its probe into the incident, Moonstone revealed that the missing funds were sent to an exchange or counterpart using the Monerujo PocketChange. It then called on Monero exchanges and service providers to alert them of any suspicious activity.




Additionally, there has been a discussion about the incident on social media platform Reddit. For some, the development means that Monero has to pay serious attention to the way it conducts transactions.

A comment from user futuristicchaos on the platform was critical of the Monero project. The comment read:

“It is embarrassing that they were not using multisig. Monero is still the best privacy coin by far despite all that. Hopefully, they improve their opsec and even the amount sounds like a lot to us it is little to the OGs in the core team.”