An unfortunate fate has just befallen the Monero community, where an attack is reported to have damaged the wallet of its Community Crowdfunding System (CCS) funding system, and a balance of 2,675.73 Monero (XMR) with a value of almost US$460,000 was wiped out.
Cointelegraph reported that this incident took place on September 1, 2023, but this attack was only revealed on GitHub on November 2 by Monero developer Luigi.
“The CCS wallet was drained by 2,675.73 XMR (entire balance) on September 1, 2023, just before midnight. Hot wallets used for payments to contributors are not affected; This wallet balance is around 244 XMR. "At this time, we have not succeeded in identifying the source of the attack," said Luigi.
The source of the security breach, which led to a large amount of XMR being wiped out, is still unknown, which makes the Monero community even more worried.
Luigi said that CCS Monero is an important component in this community, because the funds provided support development proposals submitted by its members. This unfortunate attack has left contributors who depend on the fund for their livelihoods in a difficult situation.
“This attack is unjustified, as they have taken funds that a contributor might rely on to pay rent or buy food,” said another Monero developer, Ricardo “Fluffypony” Spagni.
Luigi and Spagni are the only individuals who have access to this wallet passphrase, which makes this attack even more confusing.
According to Luigi's post, this CCS wallet was created on the Ubuntu system in 2020, running alongside Monero nodes.
To facilitate payments to community members, Luigi uses a hot wallet that has been running on Windows 10 Pro desktops since 2017.
This hot wallet is regularly funded by the CCS wallet. However, on September 1, the CCS wallet was emptied through nine transactions, which shocked the community.
In response to this crisis, the Monero core team has proposed that General Funds be used to cover liabilities. Luigi said, CCS Monero is an important component in this community, because the funds provided support development proposals submitted by its members. This unfortunate attack has left contributors who depend on the fund for their livelihoods in a difficult situation.
“This attack is unjustified, as they have taken funds that a contributor might rely on to pay rent or buy food,” said another Monero developer, Ricardo “Fluffypony” Spagni.
Luigi and Spagni are the only individuals who have access to this wallet passphrase, which makes this attack even more confusing.
According to Luigi's post, this CCS wallet was created on the Ubuntu system in 2020, running alongside Monero nodes.
To facilitate payments to community members, Luigi uses a hot wallet that has been running on Windows 10 Pro desktops since 2017.
This hot wallet is regularly funded by the CCS wallet. However, on September 1, the CCS wallet was emptied through nine transactions, which shocked the community.
In response to this crisis, the Monero core team has proposed that General Funds be used to cover liabilities. Luigi said, CCS Monero is an important component in this community, because the funds provided support development proposals submitted by its members. This unfortunate attack has left contributors who depend on the fund for their livelihoods in a difficult situation.
“This attack is unjustified, as they have taken funds that a contributor might rely on to pay rent or buy food,” said another Monero developer, Ricardo “Fluffypony” Spagni.
Luigi and Spagni are the only individuals who have access to this wallet passphrase, which makes this attack even more confusing.
According to Luigi's post, this CCS wallet was created on the Ubuntu system in 2020, running alongside Monero nodes.
To facilitate payments to community members, Luigi uses a hot wallet that has been running on Windows 10 Pro desktops since 2017.
This hot wallet is regularly funded by the CCS wallet. However, on September 1, the CCS wallet was emptied through nine transactions, which shocked the community.
In response to this crisis, the Monero core team has proposed that the General Fund be used to cover existing liabilities.
■ Attack on Monero Community Wallet Caused by Compromised SSH Session
This attack has raised concerns that it may be related to a series of attacks ongoing since April, which have compromised various keys, including Bitcoin's wallet.dat file, passphrases generated with various hardware and software, Ethereum's initial sales wallet, and now Monero funds (XMR).
Some developers speculate that this security breach may have stemmed from wallet keys being accessible online on Ubuntu servers.
This suggests that the attack may have been the result of unauthorized access to the server, possibly involving a compromised SSH session.
“I wouldn't be surprised if Luigi's Windows computer was already part of an undetected botnet, and its operators carried out this attack via SSH session details on that computer (either by stealing SSH keys or by using remote desktop control capabilities via a trojan when the victim was not aware). "A developer's Windows computer being compromised can cause major breaches, and this is not an uncommon occurrence," said the pseudonymous developer Marcovelon.
