The community wallet of Monero, a privacy-focused cryptocurrency, has suffered a significant loss of 2,675.73 Monero (XMR), equivalent to almost $460,000, in a recent attack.
The incident occurred on September 1, but it was only disclosed on GitHub on November 2 by Monero’s developer, Luigi. The perpetrator behind the breach remains unidentified. Luigi stated, “The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”
Monero’s Community Crowdfunding System (CCS) supports development proposals from its members, and this attack has raised concerns about the impact on contributors who rely on these funds for essential expenses. Developer Ricardo “Fluffypony” Spagni expressed his dismay, saying, “This attack is unconscionable, as they’ve taken funds that a contributor might be relying on to pay their rent or buy food.”
Only Luigi and Spagni had access to the wallet seed phrase. The CCS wallet, set up on an Ubuntu system in 2020 alongside a Monero node, held the crowdfunded balance from which payments to community members were funded. The hot wallet, which has lived on a Windows 10 Pro desktop since 2017, was not affected. On September 1, however, the CCS wallet was emptied in nine transactions. Monero's core team has proposed that the General Fund cover the existing liabilities to contributors.
Spagni speculated on a possible link to a series of attacks ongoing since April involving compromised keys, which had already hit Bitcoin wallet.dat files and Ethereum pre-sale wallets and has now reached Monero. Some developers believe the breach may have stemmed from the wallet keys being stored on the internet-connected Ubuntu server.
Pseudonymous developer Marcovelon raised the possibility that Luigi's Windows machine was part of an undetected botnet, which would have let its operators reach the wallet by reusing captured SSH session details or by acting directly through the trojan's remote desktop control capability. Compromises of developers' workstations leading to large thefts are not unprecedented.