- Monero’s Community Crowdfunding System funds members’ development proposals
- The hot wallet used to pay community members was on a Windows 10 Pro
- The wallet keys on Ubuntu could have been the source of the breach
A September attack depleted the whole balance of Monero’s community crowdfunding wallet, which amounted to 2,675.73 Monero (XMR). This amount is equivalent to around $460,000, Bankless Times learned from a post on GitHub, publicized by Cointelegraph.
Source of breach still unknown
The post dates from November 2, but the incident took place back on September 1. According to Luigi, a developer of the privacy coin’s ecosystem, the source of the breach remains unknown. He wrote:
The CCS Wallet was drained of 2,675.73 XMR (the entire balance). The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.
A “shocking” attack
Monero’s Community Crowdfunding System (CCS) finances members’ development proposals. Spagni, another Monero developer, called the attack shocking. The assailant stole money that contributors were likely relying on to cover basic needs like food.
CCS wallet swept in 9 transactions
Luigi used a hot wallet to pay community members, which has been on a Windows 10 Pro desktop computer for the past six years. The CCS wallet funded the hot wallet as needed.
It was swept in nine transactions on September 1. Only Luigi and Spagni had access to the wallet seed phrase. The CCS wallet had been on an Ubuntu system for the last three years.
The latest in a series of attacks on Monero
Spagni added on GitHub that the last attack was probably related to a series of attacks that have been taking place since April. Those include a number of compromised keys, Ethereum presale wallets, and seed phrases generated with different hardware and software, and include swept XMR.
Keys on Ubuntu server could be to blame
Other developers suspect the wallet keys on Ubuntu could have been the source of the breach. A pseudonymous developer commented that Luigi’s Windows computer may have been part of a malicious botnet and SSH session details were used to perpetrate the attack on it. Apparently, compromised Windows machines often enable large-scale corporate breaches.
On the plus side, other recent developments have had a favorable effect on the price of Monero.
