After the announcement of the ‘Burning Bug’ that has affected the Monero network, the protocol’s community has released a blog post explaining the bug, its implications and the protective measures it took to contain it.
Essentially, the bug works by disabling the user’s wallet alerting system when a burnt fund is received. A burnt fund arises when a potential attacker sends multiple transactions to the same stealth address, causing the network to create multiple images of the transaction keys. Eventually the attacker gets to keep all the transacted funds while losing only the network fees on these transactions.
According to the Monero community, this bug was discovered when a member of the community proposed a “hypothetical” scenario detailing the steps that a possible attacker could follow to take advantage of this loophole in the protocol. Shortly after, the Monero community developers announced the release of a private patch that integrated a solution and that needed to be implemented on the v0.12.3.0 release branch of the network. Such measures were not easy to communicate to the entire network, though; according to the same blog release by one of Monero’s developers,
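The check a receiving wallet or exchange needs is sketched below as an added example; it is not Monero's code and not taken from the blog post. The record layout, function name and the "count the largest output" policy are assumptions; it relies on the fact that outputs sent to one stealth address share a key image, so only one of them can ever be spent.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ReceivedOutput:
    """Hypothetical record of one output a wallet scan attributed to us."""
    txid: str          # transaction that carried the output
    stealth_addr: str  # one-time output public key, hex
    amount: int        # atomic units


def audit_outputs(outputs):
    """Return (spendable_total, alerts) for a list of received outputs.

    Outputs are grouped by stealth address. Within a group only one output
    is spendable, so one is counted (assumed policy: the largest) and every
    other output in the group is reported as burnt instead of credited.
    """
    groups = defaultdict(list)
    for out in outputs:
        groups[out.stealth_addr].append(out)

    spendable = 0
    alerts = []
    for addr, group in groups.items():
        keep = max(group, key=lambda o: o.amount)  # first one wins on ties
        spendable += keep.amount
        for out in group:
            if out is not keep:
                alerts.append({
                    "stealth_addr": addr,
                    "burnt_txid": out.txid,
                    "burnt_amount": out.amount,
                    "counted_txid": keep.txid,
                })
    return spendable, alerts


# Constructed sample data: three 1 XMR deposits reuse one stealth address,
# one 2 XMR deposit uses its own. Values are illustrative only.
XMR = 10**12
SAMPLE = [
    ReceivedOutput("tx-a1", "stealth-01", 1 * XMR),
    ReceivedOutput("tx-a2", "stealth-01", 1 * XMR),
    ReceivedOutput("tx-a3", "stealth-01", 1 * XMR),
    ReceivedOutput("tx-b1", "stealth-02", 2 * XMR),
]

if __name__ == "__main__":
    total, alerts = audit_outputs(SAMPLE)
    print("naive credit:", sum(o.amount for o in SAMPLE) / XMR, "XMR")
    print("spendable   :", total / XMR, "XMR")
    for a in alerts:
        print("ALERT burnt output:", a)
```

Crediting a depositor from the naive sum rather than the spendable total is the gap the missing wallet alert left open.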
“I (and others) privately notified as many exchanges, services, and merchants as possible with the (private) patch. This is clearly not the preferred method, as it (i) invariably excludes organizations that I (and others) personally do not have contact with, but are an essential part of the Monero ecosystem and (ii) may invoke a view of preferential treatment.”
Although the bug could do significant damage to the transactions of organizations on the network, at minimal cost to the attacker, it did not affect the protocol itself, which left the Monero coin supply untouched. Be that as it may, the butterfly effect was already in motion, given the popularity of the Monero project. That, coupled with the fact that it shares technology with other coins, made this a remarkable bug.
One of the platforms using the Monero code is Electroneum (ETN). Its community reacted immediately to the burning bug news by suspending exchange deposits and withdrawals. The developers announced that they wanted to confirm that the bug hasn’t affected their network as well, given that it was recently forked from Monero.
Oddly enough, this is not the first time this bug has been noted on a platform. In the past, ByteCoin (BCN) and ZCash were reported to have faced similar planned attacks, but with more damaging results.
Also affected by this development is the Haven project (XHV), which announced yesterday on their forum that a new update to their software (3.1.0) has been released addressing the burning bug.
On a brighter note, the XMR market has remained unchanged; in fact, the coin was up about 1.2% within the last 48 hours, trading today at $113.40.
Lastly, it should be noted that such incidents are a reminder that the cryptosphere is still in relative infancy and hence susceptible to such bugs. This highlights that code scrutiny should always be a priority.