{"id":231825,"date":"2019-07-06T21:05:12","date_gmt":"2019-07-07T01:05:12","guid":{"rendered":"http:\/\/insidebitcoins.com\/?p=231825"},"modified":"2019-07-06T21:08:16","modified_gmt":"2019-07-07T01:08:16","slug":"moneros-recent-security-fix","status":"publish","type":"post","link":"https:\/\/insidebitcoins.com\/news\/moneros-recent-security-fix","title":{"rendered":"Monero\u2019s Recent Security Fix Could Have Gone Sideways"},"content":{"rendered":"<p>Tech security and disclosure platform HackerOne <a href=\"https:\/\/hackerone.com\/reports\/501585\">published<\/a> a bombshell report which detailed the recent vulnerabilities disclosed by popular privacy coin Monero (XMR). While security flaws are not uncommon in the crypto community, one of these flaws, in particular, would have made it possible for criminals to steal XMR directly from <a href=\"https:\/\/insidebitcoins.com\/cryptocurrency-exchanges\">cryptocurrency exchanges<\/a>. The flaw has since been resolved, but it rings ironic nonetheless; Monero has never been the first choice for newbie investors who buy cryptocurrency, as its appeal has primarily been because of its security. The fact that it has such a gaping security error is quite worrying.<\/p>\n<p>Essentially, the presence of this flaw meant that scam XRM miners would be able to create \u201cspecially crafted\u201d blocks and force wallets and exchanges into accepting fake deposits, the amount of which the scam miners could even choose.<\/p>\n<p>\u201cSo to exploit the vulnerability an attacker will need to modify the daemon to create blocktemplates with zero amount in the miner tx, with a valid-enough RCT signatures so the amount will decode. The attacker will need to mine a block directly to an exchange wallet. Most exchanges identify their users by payment id. Including the said field in miner tx is not available functionality. While this seems to be trivial to implement, it was not attempted by us,\u201d the report reads.<\/p>\n<p>In addition, the report also detailed several DoS attacks. One of these attacks was related to CryptoNode, an application infrastructure to ensure the privacy of transactions over the network. By taking advantage of the flaw, scammers could potentially request large amounts of blockchain data from the Monero network, therefore bringing down some of the network\u2019s nodes.<\/p>\n<p>The bug was discovered by Andrey Sabelnikov, a researcher with HackerOne. In a statement, he claimed that large blockchains with long histories like Monero\u2019s have protocol requests that can be pushed to call blocks from different nodes. In some cases, these blocks could number in their hundreds of thousands, and this is a significant security breach.<\/p>\n<p>The researcher also warned that there could be other crypto assets or projects that rely on CryptoNote and which, by extension, could be susceptible to these attacks as well.<\/p>\n<p>The report continues in what seems to be a year of massive corrections for Monero regarding the general safety of its network. Back in April, the operators of the currency <a href=\"https:\/\/www.reddit.com\/r\/Monero\/comments\/bavnwl\/ledger_change_output_bug_post_mortem_with_a_happy\/\">announced<\/a> on Reddit that they had fixed a flaw on the Ledger wallet, which made it look like customers\u2019 funds weren\u2019t being moved.<\/p>\n<p>Ledger first reported the flaw to Monero\u2019s subreddit in March, as it affected customers who couldn&#8217;t access their XMR on the Ledger Nano S hardware wallet. The initial complaint saw a lot of about 1,680 XMR (worth about $115,000 at the time), although Monero confirmed that losses were minimal.<\/p>\n<p>Monero eventually promised to be more thorough in their code reviews, and given how they\u2019ve handled the recent security flaws, it seems they plan on keeping to their word.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"fin-excerpt\">Tech security and disclosure platform HackerOne published a bombshell report which detailed the recent vulnerabilities disclosed by popular privacy coin Monero (XMR). While security flaws <a class=\"read-more-link\" href=\"https:\/\/insidebitcoins.com\/news\/moneros-recent-security-fix\" title=\"Monero\u2019s Recent Security Fix Could Have Gone Sideways\">[&#8230;]<\/a><\/div>","protected":false},"author":1770,"featured_media":230312,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[7596],"tags":[5245,5297,8755,3730,7891],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.8 (Yoast SEO v21.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Monero\u2019s Recent Security Fix Could Have Gone Sideways - InsideBitcoins.com<\/title>\n<meta name=\"description\" content=\"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges\" \/>\n<meta name=\"robots\" content=\"max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Monero\u2019s Recent Security Fix Could Have Gone Sideways\" \/>\n<meta property=\"og:description\" content=\"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges\" \/>\n<meta property=\"og:site_name\" content=\"InsideBitcoins.com\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-07T01:05:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-07T01:08:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2019\/06\/Monero.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3000\" \/>\n\t<meta property=\"og:image:height\" content=\"2000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jimmy Aki\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jimmy Aki\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#article\",\"isPartOf\":{\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\"},\"author\":{\"name\":\"Jimmy Aki\",\"@id\":\"https:\/\/insidebitcoins.com\/#\/schema\/person\/a66ff7827d8bed054aa6be4e9d8c1dad\"},\"headline\":\"Monero\u2019s Recent Security Fix Could Have Gone Sideways\",\"datePublished\":\"2019-07-07T01:05:12+00:00\",\"dateModified\":\"2019-07-07T01:08:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\"},\"wordCount\":504,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/insidebitcoins.com\/#organization\"},\"keywords\":[\"ledger\",\"monero\",\"patch\",\"Reddit\",\"Security\"],\"articleSection\":[\"Breaking Crypto News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#respond\"]}],\"copyrightYear\":\"2019\",\"copyrightHolder\":{\"@id\":\"https:\/\/insidebitcoins.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\",\"url\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\",\"name\":\"Monero\u2019s Recent Security Fix Could Have Gone Sideways - InsideBitcoins.com\",\"isPartOf\":{\"@id\":\"https:\/\/insidebitcoins.com\/#website\"},\"datePublished\":\"2019-07-07T01:05:12+00:00\",\"dateModified\":\"2019-07-07T01:08:16+00:00\",\"description\":\"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\"]}],\"primaryImageOfPage\":{\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage\"},\"image\":{\"@id\":\"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insidebitcoins.com\/#website\",\"url\":\"https:\/\/insidebitcoins.com\/\",\"name\":\"InsideBitcoins.com\",\"description\":\"Search &amp; Compare Brokers within Crypto, Forex &amp; Stocks\",\"publisher\":{\"@id\":\"https:\/\/insidebitcoins.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insidebitcoins.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/insidebitcoins.com\/#organization\",\"name\":\"InsideBitcoins\",\"url\":\"https:\/\/insidebitcoins.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/insidebitcoins.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2022\/07\/insidebitcoins.svg\",\"contentUrl\":\"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2022\/07\/insidebitcoins.svg\",\"width\":195,\"height\":32,\"caption\":\"InsideBitcoins\"},\"image\":{\"@id\":\"https:\/\/insidebitcoins.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/insidebitcoins.com\/#\/schema\/person\/a66ff7827d8bed054aa6be4e9d8c1dad\",\"name\":\"Jimmy Aki\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/insidebitcoins.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2024\/04\/avatar_user_1770_1713269729-96x96.png\",\"contentUrl\":\"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2024\/04\/avatar_user_1770_1713269729-96x96.png\",\"caption\":\"Jimmy Aki\"},\"description\":\"Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system. Jimmy's previously published work can be found on Business2Community, EconomyWatch, Learnbonds.com, Basketball Insiders, Buyshares.co.uk and a range of other leading media publications. Jimmy has also been investing in Bitcoin since 2018 and more recently in non-fungible tokens (NFTs) since their boom in 2021.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/jimiakinleye\/\"],\"url\":\"https:\/\/insidebitcoins.com\/news\/author\/jimmyaki\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Monero\u2019s Recent Security Fix Could Have Gone Sideways - InsideBitcoins.com","description":"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges","robots":{"max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825","og_locale":"en_US","og_type":"article","og_title":"Monero\u2019s Recent Security Fix Could Have Gone Sideways","og_description":"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges","og_site_name":"InsideBitcoins.com","article_published_time":"2019-07-07T01:05:12+00:00","article_modified_time":"2019-07-07T01:08:16+00:00","og_image":[{"width":3000,"height":2000,"url":"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2019\/06\/Monero.png","type":"image\/png"}],"author":"Jimmy Aki","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jimmy Aki","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#article","isPartOf":{"@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825"},"author":{"name":"Jimmy Aki","@id":"https:\/\/insidebitcoins.com\/#\/schema\/person\/a66ff7827d8bed054aa6be4e9d8c1dad"},"headline":"Monero\u2019s Recent Security Fix Could Have Gone Sideways","datePublished":"2019-07-07T01:05:12+00:00","dateModified":"2019-07-07T01:08:16+00:00","mainEntityOfPage":{"@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825"},"wordCount":504,"commentCount":0,"publisher":{"@id":"https:\/\/insidebitcoins.com\/#organization"},"keywords":["ledger","monero","patch","Reddit","Security"],"articleSection":["Breaking Crypto News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#respond"]}],"copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/insidebitcoins.com\/#organization"},"image":{"@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage"}},{"@type":"WebPage","@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825","url":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825","name":"Monero\u2019s Recent Security Fix Could Have Gone Sideways - InsideBitcoins.com","isPartOf":{"@id":"https:\/\/insidebitcoins.com\/#website"},"datePublished":"2019-07-07T01:05:12+00:00","dateModified":"2019-07-07T01:08:16+00:00","description":"New patches were made to Monero code recently. One of these fixes prevented potential breaches on cryptocurrency exchanges","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825"]}],"primaryImageOfPage":{"@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage"},"image":{"@id":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825#primaryimage"}},{"@type":"WebSite","@id":"https:\/\/insidebitcoins.com\/#website","url":"https:\/\/insidebitcoins.com\/","name":"InsideBitcoins.com","description":"Search &amp; Compare Brokers within Crypto, Forex &amp; Stocks","publisher":{"@id":"https:\/\/insidebitcoins.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insidebitcoins.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/insidebitcoins.com\/#organization","name":"InsideBitcoins","url":"https:\/\/insidebitcoins.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/insidebitcoins.com\/#\/schema\/logo\/image\/","url":"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2022\/07\/insidebitcoins.svg","contentUrl":"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2022\/07\/insidebitcoins.svg","width":195,"height":32,"caption":"InsideBitcoins"},"image":{"@id":"https:\/\/insidebitcoins.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/insidebitcoins.com\/#\/schema\/person\/a66ff7827d8bed054aa6be4e9d8c1dad","name":"Jimmy Aki","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/insidebitcoins.com\/#\/schema\/person\/image\/","url":"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2024\/04\/avatar_user_1770_1713269729-96x96.png","contentUrl":"https:\/\/insidebitcoins.com\/wp-content\/uploads\/2024\/04\/avatar_user_1770_1713269729-96x96.png","caption":"Jimmy Aki"},"description":"Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system. Jimmy's previously published work can be found on Business2Community, EconomyWatch, Learnbonds.com, Basketball Insiders, Buyshares.co.uk and a range of other leading media publications. Jimmy has also been investing in Bitcoin since 2018 and more recently in non-fungible tokens (NFTs) since their boom in 2021.","sameAs":["https:\/\/www.linkedin.com\/in\/jimiakinleye\/"],"url":"https:\/\/insidebitcoins.com\/news\/author\/jimmyaki"}]}},"modified_by":"Jimmy Aki","_links":{"self":[{"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825"}],"collection":[{"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/users\/1770"}],"replies":[{"embeddable":true,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/comments?post=231825"}],"version-history":[{"count":0,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/posts\/231825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/media\/230312"}],"wp:attachment":[{"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/media?parent=231825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/categories?post=231825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/insidebitcoins.com\/wp-json\/wp\/v2\/tags?post=231825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}