Monero Crowdfunding Wallet Attacked, Entire Balance Wiped

The Monero community faced a significant setback on September 1, 2023, when its Community Crowdfunding System (CCS) wallet suffered a security breach, resulting in the loss of 2,675.73 XMR, equivalent to approximately $460,000. The incident, disclosed by developer Luigi on November 2, has left the Monero community grappling with the aftermath of the attack.

Unidentified Source of Breach and Developer Response

The breach, which targeted the CCS wallet used to fund development proposals from community members, remains shrouded in mystery. Luigi and Monero's developer Ricardo "Fluffypony" Spagni were the only individuals with access to the wallet seed phrase. Luigi's post revealed that the CCS wallet was set up on an Ubuntu system in 2020, alongside a Monero node.

The breach, involving nine transactions that drained the entire balance of the CCS wallet, raised concerns within the Monero community. Spagni highlighted the gravity of the situation, stating, "This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food."

Spagni suggested a potential link to ongoing attacks since April, involving compromised keys across various cryptocurrencies, including Bitcoin and Ethereum. Developers speculated that the breach might have originated from the wallet keys being available online on the Ubuntu server. Pseudonymous developer Marcovelon raised the possibility of the attacker exploiting a compromised Windows machine, emphasising the commonality of such occurrences in major breaches.

Moonstone Research Analysis of Monero CCS Wallet Breach

Blockchain analysis firm Moonstone Research conducted an in-depth analysis of the Monero CCS wallet breach, shedding light on the hacker's activities and potential vulnerabilities.

The breach, executed by skilled hackers on September 1, involved nine transactions that emptied the CCS wallet. Moonstone identified an unusual transaction with 17 input enotes and 11 output enotes, labelling it a "poisoned" operation due to its distinctive structure. The firm believes that only the attackers executed these transactions, leaving behind traces of their activities.

Moonstone traced the attack back to a Monerujo wallet user who activated the PocketChange feature. Monerujo, an Android non-custodial Monero wallet, offers this feature to segment coins into multiple "pockets," allowing for instant spending without a 20-minute delay. The attacker generated 11 output enotes, an anomaly indicating the use of Monerujo version 3.3.7 or 3.3.8.

Privacy Challenges and Community Concerns

The breach and subsequent analysis underscore the challenges even privacy-focused cryptocurrencies like Monero face in terms of security. While Monero's core privacy mechanism remains robust, the incident sparked discussions within the community regarding the safety of decentralised projects and the potential risks associated with advanced features such as PocketChange.

Moonstone Research traced three of the hacker's transactions, revealing certain aspects of Monero's privacy features.

Moonstone's postmortem disclosed that, under specific circumstances, XMR transactions can be partially traced despite their privacy features. The investigation focused on one transaction that merged funds from the nine initial hack transactions, indicating potential tracing possibilities.

While the report demonstrated partial tracing capabilities, it emphasised the complexity of Monero transactions, which are designed to obscure the transaction graph and therefore produce false positives and ambiguity. This development sparked discussions within the crypto community, with some expressing surprise and concern about the perceived privacy limitations.
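The two observations in the Moonstone analysis above (an 11-output transaction that fingerprints a specific wallet version, and a later transaction that merged funds from the nine drain transactions) are both simple transaction-graph heuristics. The following Python is an added illustration written for this article, not Moonstone's tooling and not anything from the Monero or Monerujo projects. It models a transaction as a list of consumed and created enote identifiers, treats every input as a known true spend (real Monero rings hide the true spend among decoys, which is exactly why Simmons notes below that this kind of tracing does not apply to a typical user), assumes that two outputs is the typical shape, and runs over a constructed sample that mirrors the shapes described in the article rather than the real CCS transactions.

```python
"""Toy Monero-style transaction-graph heuristics (added illustration, not Moonstone's code).

Assumptions (not from the article): a transaction is (txid, input enote ids, output enote ids);
inputs are treated as known true spends with no ring decoys; the typical output count is 2.
All sample data below is constructed and does not reflect the real CCS wallet transactions.
"""
from collections import Counter
from dataclasses import dataclass

TYPICAL_OUTPUT_COUNT = 2  # assumption: one recipient output plus one change output


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # enote ids consumed (simplified: no decoys, true spend is known)
    outputs: tuple  # enote ids created


def output_count_profile(txs):
    """Histogram of output counts; the baseline against which an odd transaction stands out."""
    return Counter(len(t.outputs) for t in txs)


def flag_atypical_outputs(txs, typical=TYPICAL_OUTPUT_COUNT):
    """Txids whose output count differs from the typical shape.

    A wallet feature that splits change into many 'pockets' produces such a shape, which is
    the kind of structural fingerprint the article says pointed at a specific wallet version.
    """
    return [t.txid for t in txs if len(t.outputs) != typical]


def find_merges(txs, source_txids):
    """Map merging_txid -> set of source txids for transactions that consume outputs of two
    or more of the given source transactions. A merge links the sources together, even
    though each source on its own would be ambiguous."""
    origin = {}
    for t in txs:
        if t.txid in source_txids:
            for o in t.outputs:
                origin[o] = t.txid
    merges = {}
    for t in txs:
        srcs = {origin[i] for i in t.inputs if i in origin}
        if len(srcs) >= 2:
            merges[t.txid] = srcs
    return merges


def constructed_sample():
    """Constructed data: nine 2-output 'drain' txs, one unrelated tx, a merge, and a 17-in/11-out split."""
    txs = []
    for k in range(1, 10):  # nine constructed drain transactions, each with the typical 2 outputs
        txs.append(Tx(f"drain{k}", inputs=(f"ccs_enote{k}",), outputs=(f"d{k}_o1", f"d{k}_o2")))
    txs.append(Tx("other1", inputs=("x1",), outputs=("x1_o1", "x1_o2")))  # unrelated noise
    # merge: spends one output of every drain transaction into two new enotes
    txs.append(Tx("merge", inputs=tuple(f"d{k}_o1" for k in range(1, 10)), outputs=("m_o1", "m_o2")))
    # split: 17 inputs -> 11 outputs, mirroring the shape the article describes
    split_inputs = ("m_o1", "m_o2") + tuple(f"d{k}_o2" for k in range(1, 10)) + tuple(f"y{i}" for i in range(6))
    txs.append(Tx("split", inputs=split_inputs, outputs=tuple(f"s_o{i}" for i in range(1, 12))))
    return txs


if __name__ == "__main__":
    sample = constructed_sample()
    print("output-count profile:", dict(output_count_profile(sample)))
    print("atypical output shape:", flag_atypical_outputs(sample))
    drains = {f"drain{k}" for k in range(1, 10)}
    for txid, srcs in find_merges(sample, drains).items():
        print(f"{txid} merges funds from {len(srcs)} of the drain transactions")
```

The practical lesson for wallet users is the one the article draws: consolidating outputs from several related transactions, or producing a transaction shape that only one wallet version creates, leaks linkage that the ring signatures alone would not. Adding decoy handling to this model would turn every `inputs` entry into a candidate set, and the clean links above would dissolve into the ambiguity the report describes.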

Security expert Seth Simmons highlighted the atypical nature of the tracing scenario, emphasising that it doesn't apply to the typical Monero user. Simmons stressed that XMR remains inherently private and resistant to most tracking attempts. He attributed the tracing ability to unusual circumstances, including sharing private keys with a chain surveillance company and providing significant off-chain metadata voluntarily.

The Monero community faces ongoing challenges in addressing the breach, highlighting the importance of continuous efforts to enhance security measures within digital currency systems.

More news about monerujo malware

  • Jun 10, 2024 8:35 am
    Warning Issued About ComfyUI_LLMVISIO Plugin Containing Malware
    According to Odaily, a developer identified as @op7418 has issued a warning about the ComfyUI_LLMVISIO plugin. The developer stated that this plugin contains malware that can send your browser passwords, credit card information, and browsing history to hackers. If installed, it is advised to uninstall it as soon as possible and clean the registry. The founder of SlowMist, Yu Xian, also commented on this issue. He warned users who are dealing with AI to be cautious of this plugin. If it is installed on your computer, he advised users to follow the corresponding instructions to check and handle the situation as soon as possible.
  • May 31, 2024 10:06 pm
    Multi-National Operation Targets Malware Distributors Across Europe
    According to PANews, a large-scale operation named 'Final Action' was carried out to combat the ecosystem of malicious software distributors. This operation, led by France, Germany, and the Netherlands, took place from May 27 to 29, 2024, targeting various malware distributors including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. Investigations revealed that one of the main suspects had earned at least 69 million euros (approximately 75 million dollars) in cryptocurrency by deploying ransomware through a rented criminal infrastructure website. Law enforcement agencies are closely monitoring the suspect's transactions and have obtained legal permission to seize these assets in future operations. The press release issued by the European Police Organization did not mention any specific cryptocurrency or platform used in the transactions. During this operation, law enforcement agencies made progress in disrupting the malware ecosystem. Four individuals were arrested, one in Armenia and three in Ukraine. In addition, 16 locations were searched in Armenia, the Netherlands, Portugal, and Ukraine. Over 100 servers were shut down or disrupted in several countries, including Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the UK, the US, and Ukraine. Authorities also took control of more than 2000 domain names.
  • May 20, 2024 5:08 pm
    Dogecoin Founder Issues Important Malware Warning to Advertisers
    Dogecoin founder shares malware lesson with advertisers source: https://u.today/dogecoin-founder-issues-important-malware-warning-to-advertisers
  • May 13, 2024 10:20 am
    North Korean hackers deploy ‘Durian’ malware, targeting crypto firms
    The state-backed North Korean hacking group Kimsuky reportedly used a new malware variant to target at least two South Korean crypto firms. source: https://cointelegraph.com/news/north-korean-hackers-deploy-durian-malware-targeting-south-korean-crypto-firms
  • May 07, 2024 1:11 pm
    SlowMist CISO Warns Mac Users About Cuckoo Malware Threat
    SlowMist's Chief Information Security Officer (CISO), known online as 23pds, has issued a warning to Mac users about a new strain of malware called Cuckoo. Posted on the X platform, the notice mentions how Cuckoo poses a significant risk to Intel and ARM-based Macs, primarily focusing on stealing data from cryptocurrency wallets and messaging applications. Cuckoo distinguishes itself through a unique propagation method. It spreads across systems via music streaming channels, making detection and isolation more challenging. Mac users are urged to exercise heightened caution to protect their digital assets and data from this invasive malware. Frequent system scans, careful online behavior, and regular updates to the latest OS versions are some of the recommended measures to fend off potential Cuckoo infiltration. 
  • Mar 29, 2024 5:02 pm
    Massive malware campaign targets video gamers and Bitcoin wallets
    A recent surge in malware attacks has sent shockwaves through the gaming community, with reports emerging of a sophisticated campaign targeting video gamers and their Bitcoin wallets. The malicious software, identified by the malware information repository vx-underground, has been specifically engineered to infiltrate systems and steal valuable credentials, leaving countless users vulnerable... source: https://www.cryptopolitan.com/malware-targets-video-gamers-and-btc-wallets/
  • Jan 23, 2024 2:51 pm
    Sneaky malware targeting MacOS users via pirated apps uncovered
    A renowned cybersecurity firm has recently uncovered a sophisticated malware campaign targeting MacOS users who download pirated apps from unauthorized sources. This malware infiltrates users’ computers through compromised software installers and replaces their legitimate Bitcoin and Exodus crypto wallets with infected versions. While the hackers are still actively developing this malware,... source: https://www.cryptopolitan.com/malware-macos-users-via-pirated-apps-uncover/
  • Dec 22, 2023 10:01 pm
    What is crypto malware, and how to detect it?
    Unveil the threat of crypto malware and learn effective detection methods to safeguard your digital assets and transactions. source: https://cointelegraph.com/news/what-is-crypto-malware-and-how-to-detect-it
  • Nov 05, 2023 4:17 am
    North Korean Hackers Target Crypto Engineers with Kandykorn Malware
    According to CryptoPotato, Elastic Security Labs has recently uncovered a sophisticated cyber intrusion by North Korean hackers believed to be associated with the Lazarus group. The incident, tracked as REF7001, involved the use of a new macOS malware named Kandykorn, specifically designed to target blockchain engineers involved in cryptocurrency exchange platforms. The malware was distributed through a private message on a public Discord server, which is atypical of macOS intrusion tactics. The Kandykorn malware initiates communication with a command-and-control (C2) server, utilizing encrypted RC4 and implementing a distinct handshake mechanism. It patiently awaits commands, allowing hackers to retain control over the compromised systems discreetly. Elastic Security Labs has provided valuable insights into the capabilities of Kandykorn, showcasing its proficiency in performing file upload and download, process manipulation, and execution of arbitrary system commands. The malware also utilizes reflective binary loading, a fileless execution technique associated with the notorious Lazarus Group. There is compelling evidence linking this attack to the Lazarus Group in North Korea, including similarities in techniques, network infrastructure, certificates used to sign malicious software, and custom methods for detecting Lazarus Group activities. On-chain transactions have revealed connections between security breaches at Atomic Wallet, Alphapo, CoinsPaid, Stake.com, and CoinEx, further proving the Lazarus Group's participation in these exploits. Elastic Security Labs has emphasized the importance of robust cybersecurity measures to safeguard against such threats.
  • Sep 01, 2023 7:02 pm
    U.S. FBI and other agencies: Malware Infamous Chisel can steal data such as encrypted wallets and exchange apps
    Odaily Planet Daily News: The US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK Government Communications Headquarters (GCHQ) issued a joint advisory warning users about Infamous Chisel, a new Russian malware that steals data such as crypto wallets and exchange apps. The malware, linked to the Sandworm hacking group within Russia's GRU military intelligence agency, which has been targeting the Ukrainian military, was designed to provide persistent access to compromised Android devices via the Tor network and to periodically collect and send data from those devices, the report said. The malware also searches the file directories of the Web3 browser Brave, the Binance and Coinbase apps, the crypto wallet Trust Wallet, and the communication platforms Telegram and Discord, extracts files from those directories, and targets the Android Keystore system, which allows users to store private keys. (The Block)
