On Tuesday, Monero developers released a post-mortem report on how they corrected the recording error that allowed attackers to record XMR files stored in Exchange repositories. Users burn the Monero by flooding the system with identical hidden addresses for several payments, which means that the funds for these accounts cannot be used. In fact, all requests that use the same address as the first request will be rejected because the system identifies them as suspicious. The attacker only loses the transaction fees paid in the stock market.
“The recording error does not allow the budget, in principle, to send an alert if it obtains an extracted result. As a result of that, an attacking Monero determined from the purse of an Exchange organization or server with only the transaction fees that are used for every transaction, lose. ”
When sending Monero, a key frame is generated exclusively. Therefore, several requests lead to the formation of several identical key frames. This leads to the rejection of subsequent transactions. The attacker can achieve this by modifying the code and sending the same private key over and over again. The requests would be sent to a recorded furtive address, but only these could be used.
According to the report, one of the members of the Monero community produced a hypothetical description of how the attack on Reddit works. After the developers saw it, they quickly decided to repair it to avoid exploitation. They notified the replacement and repaired the hole. A warning email was also sent to everyone on Monero’s public mailing list.
Although some damage was done, the delivery protocol of the part was not affected by the recording error. However, error reports may have caused some stock exchanges to temporarily remove Monero from its interchangeable parts list, as reported by smartereum.com.
