Monero developers have patched a bug that could have affected the XMR ecosystem. The bug could burn digital currencies in the wallet with a loss of minor transaction fees of the attacker. It came into the notice when one of the community members reported about a hypothetical attack on the XMR subreddit. The blog explained how this hypothetical attack works.
First, the attacker generates a random private key. Then, the modify the code to use the same private key for multiple transactions to a single public address. With a thousand transactions to an exchange (of 1 XMR, say), the attacker gets 1000 XMR from the exchanger. On the other hand, being unable to figure out the abnormality, the exchange appears clean.
The attack could benefit the doer in an indirect way though not directly. The attacker could buy one BTC out of XMR collected thereby leaving the exchange with 999 unused (or “Burnt”) XMRs. Thankfully, the bug was incapable of affecting neither the coin supply nor the protocol. Besides, the developers have fixed the bug with a patch which they made official on XMR’s twitter page.
However, this is not the first attack on XMR’s security protocols. Earlier this year, a security breach into XMR’s mega chrome extension left a user with zero XMR in the wallet with sensitive data being exposed to an outsider.