
A serious security incident has led to the Monero community wallet being completely cleared out of funds, leaving the community and developers in a state of dismay.

The breach, which affected the cryptocurrency known for its privacy features, occurred on September 1, yet it only came to public attention on November 2 via a GitHub post. The Monero team has acknowledged that the breach’s origin is currently unknown and is under active investigation.

Monero developer Luigi disclosed the severity of the theft, stating, “The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”

Details released thus far

The developers, Luigi and Ricardo “Fluffypony” Spagni, both with access to the wallet’s seed phrase, have outlined a series of events that could have led to the breach.

Initially established in 2020, the community wallet was designed to facilitate funding for proposals from community members aimed at enhancing the platform. For three years, a single Ubuntu system hosted the Monero node and hot wallet via a Windows 10 Pro laptop.

The last authorized transaction from the community wallet was conducted by Luigi on May 10, 2023. Then, between September 1 and September 2, nine unauthorized transactions completely drained the wallet.

Luigi recounted how he encountered the breach: “I logged into the CCS wallet to see only 4.6 XMR, which had been received earlier as a donation by Lovera.” Despite the dearth of public information, the shock of the incident has left the development team grappling with the mystery of the attack and the consequent restructuring of the Community Crowdfunding System (CCS).

Fluffypony has raised the possibility that the theft could be part of a larger series of attacks since April, suggesting compromised keys and potential risks to other wallets. Precautionary measures have been implemented as a result.

Community reaction and response

Although the cryptocurrency community is no stranger to hacks and thefts, the Monero community is both shocked and saddened by the event. It remains committed to seeking out robust solutions and improvements, and has shown appreciation for the developers’ transparency.

One community member, “lazios,” speculated on the breach’s potential cause, querying, “Does this mean that the private keys for the CCS wallet are on an online Ubuntu server? If yes, that’s where the compromise happened.” This question adds another dimension to the unfolding investigation into the security breach.
