The Monero team has reportedly disclosed nine vulnerabilities that are present in the code.
One of these has allowed hackers to steal crypto from exchanges, says The Next Web.
Accepting fake deposits for an XMR account
Until March, rogue Monero miners were hypothetically able to create “specifically-crafted” blocks to force Monero wallets into accepting fake deposits for an XMR amount chosen by the attacker.
“It is our belief that this can be exploited to steal money from exchanges,” said security researchers in their initial HackerOne report. They were eventually awarded 45 XMR ($4,100) for their huge efforts.
A critical severity
The online publication mentioned above said that five DoS attack vectors were also disclosed, with one labeled “critical” severity.
It also mentions a flaw related to CryptoNote – the application layer that Monero uses to increase transactional privacy.
This flaw could have let hackers take Monero nodes down by requesting massive amounts of blockchain data from the network.
Andrey Sabelnikov, who discovered the bug, told Hard Fork: “If you have quite a big blockchain (with long history like Monero […]), then you can push a protocol request that will call all of its blocks from another node, which could be hundreds of thousands of blocks.”
“Preparing such a response can take a lot of resources. Eventually, the OS might kill it due to the huge memory consumptions, which is typical of Linux systems,” he added.