The developers of Monero (XMR), owing to a Reddit user found and fixed the bug by which hackers could burn cryptocurrency wallets of organization, paying a Commission for performing transaction.
The blog of the project describe the mechanism of operation of the bug: the hacker generates a random private transaction key, then modifies the code to only use this key and provide the many transaction with the same public address (for example, a hot wallet of a crypto currency exchange) to the addresses invisible. Doing a thousand transactions 1 XMR, it leads to the fact that unprepared for such behavior, the exchange shall credit the 1000 XMR, but the blockchain perceives as normal only 1 operation, burning the rest of the XMR.
Although the direct benefits of such actions, the project team suggests that the attackers could be other interest to conduct such an attack. For example, after the attack using the address stealth they could spend a single XMR exchange to bitcoins and withdraw them, leaving the stock exchange burned products.
The Monero team sent citaloram information about how to avoid such problems, and then reported on the removal of the bug.
We will remind, as of the middle of this year 5% of the issue Monero was mined with malware. And recently, experts from the Chinese company Qihoo 360Netlab discovered a botnet Fbot that seeks and destroys other botnet – com.ufo.miner, malicious variant identified in February this year, the miner ADB.Miner for mining Monero on Android devices.