The hack occurred on September 1st, but Monero developer Luigi didn’t reveal it.
The CCS wallet was put up on an Ubuntu machine in 2020, with a Monero node.
An assault on the Monero community crowdfunding wallet completely wiped out its 2,675.73 Monero (XMR) balance, which was valued approximately $460,000 at the time. The hack occurred on September 1st, but Monero developer Luigi didn’t reveal it until November 2nd, on GitHub. Moreover, he claims that the breach’s origin has not been determined.
The Community Crowdfunding System (CCS) in Monero provides financial backing for members’ development initiatives. For Monero’s developer Ricardo Spagni, “this attack is unconscionable,” since the stolen coins might have been used to cover basic living expenses like rent or food by contributors.
Nine Separate Transactions
The seed phrase for the wallet was known only to Luigi and Spagni. According to Luigi’s piece, the CCS wallet was put up on an Ubuntu machine in 2020, with a Monero node.
Luigi had utilized a hot wallet stored on a desktop computer running Windows 10 Pro since 2017 to make contributions to community members. The CCS wallet provided funding for the hot wallet when required. However, in nine separate transactions on September 1st, the CCS wallet was emptied. The Monero development team has requested that the General Fund be used to pay off outstanding debts.
Spagni stated:
“It’s entirely possible that it’s related to the ongoing attacks that we’ve seen since April, as they include a variety of compromised keys (including Bitcoin wallet.dats, seeds generated with all manner of hardware and software, Ethereum pre-sale wallets, etc.) and include XMR that’s been swept.”
Other developers have speculated that the vulnerability stems from the wallet keys being publicly accessible on the Ubuntu server.
Highlighted Crypto News Today:
DeFi Lending Protocol Aave Shuts Several Markets After Uncovering Issue