According to the post, an email reportedly sent to the Monero [XMR] announce mailing list warns exchanges and operators using the coin that the XMR Vulnerability Response team received a report of a vulnerability. The vulnerability consists of the mishandling of outputs in coinbase transactions [the first transaction in a block, always created by miners].
This mishandling could potentially allow an attacker to fake the deposit of an arbitrary amount of XMR to an exchange. However, the email also included parameters for the wallet that effectively act as a workaround, preventing the vulnerability from being exploited. The official Monero profile also tweeted a similar workaround earlier on 3rd March.
About 10 hours later, the Monero account tweeted that the fix for the vulnerability had been written and was awaiting further review. From the GitHub page dedicated to the patch, it appears that the code has already been merged into the main branch, which implies that the fix is ready and only requires a new release to be published.
Ryo, a cryptocurrency derived from XMR, added in its Medium post that its team fixed this vulnerability seven months ago. The post justifies the lack of an earlier responsible disclosure to the Monero team by noting XMR’s “long history of toxic behaviour towards security researchers.”
Additionally, the post claims that while discussing the exploit in the Ryo public channel, the author of the post also accidentally disclosed a different issue, concluding:
“Monero [XMR] may need to get that one patched too.”
As reported earlier today, the Ledger developer team posted a warning on XMR’s subreddit on 4th March advising users not to use the Nano S Monero app after another apparent bug reportedly led to a user losing over 1,650 XMR.