In a recent shocking occurrence, Monero’s community crowdfunding wallet was the victim of a devastating attack, resulting in the full depletion of its balance, which amounted to 2,675.73 Monero (XMR), roughly $460,000.
Although the attack occurred on September 1st, the Monero community was only made aware of it on November 2nd when Monero developer Luigi published the issue on GitHub.
Regrettably, the source of this security compromise remains unknown, casting a pall over Monero’s community.
“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight.
The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach,” Luigi said.
The Community Crowdfunding System (CCS) of Monero is critical in supporting development requests from its members, and this merciless attack has far-reaching effects.
Read Also: Shiba Inu ($SHIB) Burn Rate Surges Over 14,000% as Marketing Lead Unveils Future Plans
Ricardo “Fluffypony” Spagni, a Monero developer, expressed his indignation, underlining,
“This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food.”
The fascinating part of this affair is that only Luigi and Spagni had access to the wallet’s seed word. According to Luigi’s post, the CCS wallet was created on an Ubuntu system in 2020, along with a Monero node.
Since 2017, payments to community members have been performed via a hot wallet installed on a Windows 10 Pro desktop.
The CCS wallet was used to replenish the hot wallet when needed. However, on September 1st, a series of nine transactions entirely depleted the CCS wallet, leaving Monero’s core team to deal with the fallout.
This attack is suspected to be linked to a series of ongoing attacks that have used numerous compromised keys, including Bitcoin wallet.dats, seeds created by various hardware and software, Ethereum pre-sale wallets, and now Monero XMR.
Some developers believe the compromise was caused by the wallet keys being exposed publicly via the Ubuntu server.
Given these developments, the Monero community faces a difficult path ahead, with many unresolved questions about the security of their funds and the potential weaknesses that lead to this disastrous tragedy.
The General Fund has been asked to accept responsibility for addressing the current liabilities resulting from this heinous violation.
