Monero Discloses ‘Burning Bug’ After Heavy Secrecy

Monero XMR

Several exchanges disabled their Monero wallets on Monday, and it has now been revealed that this course of action was due to a critical bug. Although users correctly guessed that this was the case, Monero developers seemed to deny the existence of a bug.

The Monero team has now acknowledged and patched the bug, and today they sent out a post-mortem that explains the problem.

How the Bug Worked

Monero’s post-mortem has dubbed the issue “the burning bug”. Essentially, attackers would have been able to render Monero tokens unusable and unspendable.

This problem would have occurred when multiple transactions were sent to a one-time public key or stealth address. This line of attack would have created “multiple duplicate key images”, yet the recipient would only have been able to send tokens from their address once.

Although the attacker would not have been able to reap any financial benefits, the attack would have rendered the victim’s funds unusable. Exchanges and other services, rather than individuals, were mainly at risk.

Suggested Reading : Learn more about Monero here.

Devs Discuss Secrecy

This is the second critical Monero bug in less than a month — the team disclosed a multiple counting bug just weeks ago. Users are noticing a pattern, and some are dissatisfied with the Monero team’s history of secrecy.

Monero developers have acknowledged that the decision not to disclose the bug was a difficult one. According to one moderator on Reddit:

“We were extremely conflicted as to how to proceed in this situation, and will be having a serious discussion with the community about how to handle this kind of stuff in the future. Decentralized consensus is hard.”

Although secrecy can lead to damaged trust and rampant speculation in the community, silence may be necessary to maintain security.

Even a vague acknowledgement of an issue could have increased the likelihood of an attack: one moderator has said that because the bug had been publicly mentioned on Reddit, any amount of disclosure would have made it “easy to connect the dots”.

However, some argue that attackers may be able to guess that there is a bug regardless of what the dev team does. Commenters have noted that if exchanges disable Monero in the future, attackers will probably be able to deduce that there is a bug:

“Now that we have been through this twice, I would argue that in any similar situation (e.g. exchanges suddenly taking down their wallets, some claiming to have been contacted by the devs) any would-be attacker will assume that there is a bug or vulnerability.”

Although secrecy may breed fear, uncertainty and doubt, the community response to the long-awaited bug announcement was otherwise positive, with many relieved that the bug had finally been patched.

Join the NEW Unhashed Telegram or Follow Unhashed on Twitter for the Latest Cryptocurrency News Updates!

Bitcoin Bitcoin $6,588.18 +4.62%
Ethereum Ethereum $209.10 +6.41%
XRP XRP $0.45 +8.78%
Bitcoin Cash Bitcoin Cash $459.56 +4.22%
EOS EOS $5.47 +5.8%

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.

More Crypto News

Solo Mining Bitcoin and Is it Profitable?

September 18, 2018

When Bitcoin launched in 2009, it became the world’s first cryptocurrency. By utilizing miners that…

Three Crypto Wallets Removed By Google Without Warning: CoPay BitPay and Bitcoin.com

September 14, 2018

Google is once again displaying its distaste towards the cryptocurrency space by removing three wallets…

Small Canadian Town Gives in to Ransomware Hackers, Sends Bitcoin

September 12, 2018

Ransomware is a malicious form of software that makes a device unusable until the victim…

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.
Scroll Up