In the same week that a critical Bitcoin bug was discovered and fixed, preventing an exploit that could have inflated Bitcoin’s supply beyond the fixed limit of 21 million coins, a critical bug for the #1 privacy crypto Monero (XMR) has been publicly announced and patched. It is called the burning bug, and could have been exploited to burn an exchange’s or merchant’s Monero deposits.
Essentially, Monero public stealth addresses are designed to be used only once. If an exchange or merchant tries to spend from the same stealth address more than once, the key images will be duplicates for the transactions. If a key image is already present in the Monero blockchain it will reject any subsequent transactions using the duplicate, since the network considers this a double spend. A merchant or exchange can spend the biggest input in their stealth wallet and after that, all the other inputs will be stuck and effectively lost, i.e. burned.
An attacker would exploit the burning bug by generating a private transaction key and using that same key to send multiple deposits to the same public stealth address on an exchange. Instead of sending XMR 1,000 in a transaction, the attacker would send 1,000 transactions of XMR 1 each to the same public stealth address. The attacker can then trade for Bitcoin and withdraw their funds, only losing transaction fees from sending so many Monero transactions. Without the patch designed to fix the burning bug, the exchange would not be warned that this has occurred until too late.
Therefore, the merchant or exchange would lose XMR 999. An attacker could do this to take down a competing merchant or exchange, or to spread fear that Monero is risky to accept as a payment. A user on Reddit named GasDoves actually discovered the burning bug and since his post, a patch was created which prevents the burning bug; this patch was eventually included in Monero’s actual codebase. That being said, exchanges and merchants must implement the patch for it to be effective.
It is unknown how many Monero have become inaccessible due to the burning bug, at this time there are no actual examples of the burning bug being exploited, suggesting if there are any losses they are isolated and minimal. Monero’s market price has not reacted to the news of the burning bug as of this writing on 26 September 2018.
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Pixabay