After the announcement of the ‘Burning Bug’ that has affected the Monero network, the protocol’s community has released a blog post explaining the bug, its implications, and the protective measures it took to contain this bug.
Multiple images of the transaction keys
Essentially, the bug works by disabling the user’s wallet alerting system when a burnt fund is received. A fund is burnt when a potential attacker sends multiple transactions to the same stealth address, causing the network to create multiple images of the transaction keys. Eventually, the attacker gets to keep all the transacted funds while only losing the network fees on these transactions.
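A defensive check for the situation described above, as an added example that is not from the original article or the Monero project: a deposit processor groups received outputs by stealth address, credits one output per address, and raises an alert for the rest, because only one output per one-time address can later be spent. The record fields, the constructed sample data and the keep-the-largest policy are assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class IncomingOutput:
    txid: str        # transaction carrying the output
    output_key: str  # one-time (stealth) output public key, hex
    amount: int      # amount decoded by the receiving wallet, atomic units

def reconcile_deposits(outputs):
    """Credit at most one output per stealth address.

    Returns (credited, burned, alerts): outputs that are safe to credit,
    duplicates that must not be credited, and one alert per reused address.
    """
    by_key = defaultdict(list)
    for out in outputs:
        by_key[out.output_key].append(out)

    credited, burned, alerts = [], [], []
    for key, group in by_key.items():
        # Assumed policy: keep the largest output; the first seen wins a tie.
        keep_idx = max(range(len(group)), key=lambda i: group[i].amount)
        keep = group[keep_idx]
        dupes = group[:keep_idx] + group[keep_idx + 1:]
        credited.append(keep)
        burned.extend(dupes)
        if dupes:
            ignored = sum(o.amount for o in dupes)
            alerts.append(
                f"stealth address {key[:8]}... reused in {len(group)} outputs: "
                f"crediting {keep.amount} from {keep.txid}, ignoring {ignored}"
            )
    return credited, burned, alerts

# Constructed sample: three deposits reuse one address, a fourth is normal.
SAMPLE = [
    IncomingOutput("tx-a", "aa11" * 16, 1_000_000_000_000),
    IncomingOutput("tx-b", "aa11" * 16, 1_000_000_000_000),
    IncomingOutput("tx-c", "aa11" * 16, 1_000_000_000_000),
    IncomingOutput("tx-d", "bb22" * 16, 250_000_000_000),
]

if __name__ == "__main__":
    credited, burned, alerts = reconcile_deposits(SAMPLE)
    print("credit total:", sum(o.amount for o in credited))
    for line in alerts:
        print("ALERT:", line)
```

A naive sum over the sample would credit 3,250,000,000,000 atomic units; the check credits 1,250,000,000,000 and flags the reused address for review.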
This bug was discovered when a member of the community proposed a “hypothetical” scenario. It showed the detailed steps that a possible attacker can follow to take advantage of this loophole in the protocol. Shortly after, Monero developers announced the release of a private patch. The solution will be implemented on the v0.12.3.0 release branch of the network.
Significant damage to the transactions at minimal cost to the attacker
Such measures were not easy to communicate to the entire network. According to a release by one of Monero’s developers,
“I (and others) privately notified as many exchanges, services, and merchants as possible with the (private) patch. This is clearly not the preferred method, as it (i) invariably excludes organizations that I (and others) personally do not have contact with but are an essential part of the Monero ecosystem, and (ii) may invoke a view of preferential treatment.”
Although the bug was able to cause significant damage to the transactions of the organizations on the network at minimal cost to the attacker, it didn’t affect the protocol that guards the Monero coin supply, leaving it untouched. Be that as it may, the butterfly effect was already in motion, given the popularity of the Monero project. This, coupled with the fact that Monero shares technology with other coins, made this a remarkable bug.
Suspension of exchange deposits and withdrawals
One of the platforms using the Monero code is Electroneum (ETN). Its community reacted immediately to the burning bug news by suspending exchange deposits and withdrawals. The developers announced that they wanted to confirm that the bug hadn’t affected their network as well, given that it was recently forked from Monero.
Oddly, this is not the first time this bug has been noted on a platform. In the past, ByteCoin (BCN) and ZCash were reported to have faced similar planned attacks but with more damaging results.
Also affected by this development is the Haven project (XHV), which announced yesterday on their website that a new update to their software (3.1.0) has been released addressing the burning bug.
The brighter side of the XMR market
On a brighter note, the XMR market price has remained unchanged; in fact, the coin was up about 1.2% within the last 48 hours, trading today at $113.40.
Lastly, it should be noted that such incidents are a reminder that the cryptosphere is still in its relative infancy and hence susceptible to such bugs. This highlights the fact that code scrutiny should always be a priority.