Monero’s CCS Wallet Was Exploited, Attacker Drains $460,000 in Nine Transactions

Key Points:

• Monero’s CCS wallet was exploited on September 1, 2023, draining the entire balance of 2,675.73 XMR, valued at approximately $460,000.
• The source of the vulnerability is still unknown, but blockchain security firm SlowMist suggests a “loophole in the Monero privacy model.”
• Moonstone Research, a blockchain analysis firm, concluded that the exploiter was likely a user of the Monerujo wallet with the PocketChange feature enabled.

Monero’s CCS wallet was exploited on September 1, 2023, as revealed by the decentralized community-driven project.

Monero’s CCS Wallet Was Exploited, $460,000 Stolen

It has been reported that the attacker drained the wallet through nine transactions, depleting its entire balance of 2,675.73 XMR, which is valued at approximately $460,000. Chinese cryptocurrency reporter Colin Wu, known for his X page, Wu Blockchain, provided insights into the Monero CCS hack, which is still surrounded by mystery.

Wu also highlighted the theory by blockchain security firm SlowMist, which suggests a “loophole in the Monero privacy model” as the source of vulnerability. Monero’s disclosure revealed that the CCS, funded by donations, held a total balance of 2675.73 XMR until September 1. It was not until November that Monero developer Luigi noticed the complete theft of the wallet holdings.

Monero’s CCS Wallet Was Exploited By Hacker Traced to Monerujo Wallet with PocketChange Feature Enabled

Moonstone Research meticulously tracked the attacker’s transactions and concluded that the exploiter was likely a user of the Monerujo wallet with the PocketChange feature enabled. Monerujo, an Android-based non-custodial Monero wallet, offers PocketChange to address Monero’s limitations by dividing funds into multiple “pockets” or “notes.”

According to Monerujo’s explanation, enabling PocketChange splits a larger coin into smaller parts and spreads them into 10 different pockets. This prevents the coins from merging again, allowing instant spending from all pockets without waiting the typical 20 minutes. Moonstone Research, through four Crescent Discovery Reports, identified that the attacker generated 11 output enotes, which deviates from typical transactions. Confirming their analysis, Moonstone Research stated, “We believe this is the most likely scenario, regardless of whether the attacker was using Monerujo version 3.3.7 or 3.3.8.”

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.