Naked Security Naked Security

Monero fixes major ‘burning bug’ flaw, preventing mass devaluation

The flaw arises from the use of stealth wallet addresses, an anonymity concept that's especially important to privacy-sensitive Monero users.

The developers of Monero (XMR) call it the “burning bug” and they might never have done anything about it if an anonymous user hadn’t posed an awkward hypothetical question on the cryptocurrency’s subreddit last week.

What happens if I spend from a specific stealth address and then someone sends more to it? Are the funds inaccessible as the key image has already been used?

The query must have sounded naïve until the developers realised that the apparent non-expert had just confirmed a major flaw in wallets used to transact the controversial and what is reportedly the world’s tenth most popular cryptocurrency.
Funnily enough, it appears that the same issue was brought up last year when it met with a sort of why would anyone do that? response.
The TL;DR is that a software patch was this week issued to exchanges on top of the v0.12.3.0 release branch as a source code pull request, which presumably they’ll apply promptly assuming they’re on the mailing list and know about it.
As for the burning bug itself, this presents an interesting problem created by the use of stealth wallet addresses, an anonymity concept used across the cryptocurrency world but which has become especially important to privacy-sensitive Monero users.
These are used by the recipients of currency (merchants or exchanges) so that anyone sending them currency must do so by creating their own one-time address in order to veil lots of transactions from everyone on the blockchain except themselves.
It’s not a million miles away from a PO box – you know who is sending you mail but your neighbours never see the postman deliver anything.


In the world of cryptocurrencies, however, how this is done can have big implications. An attacker exploiting the weakness could in theory send 1,000 XMR to the same stealth address, each one forged so they have the same unique key image. Normally, the blockchain would warn about the 999 duplicate keys, but in this case, it wouldn’t notice this because of the way transactions are handled with stealth addresses.
Explained Monero’s developers:

The attacker then sells his XMR for BTC [Bitcoins] and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.

In fact, the attacker wouldn’t be able to use the extra Bitcoins either because they would be logged as double spend, which would still leave the exchange nursing big losses for every such batch of fraudulent transactions.

Therefore, a determined attacker could burn the funds of an organization’s wallet whilst merely losing network transaction fees. They, however, do not accrue direct monetary gains.

No direct gains, then, but possibly indirect gains made by damaging exchanges or gaining from changes in the value of Monero arising from an attack.
What this says about Monero’s codebase is hard to assess, although sceptics will point to a sequence of problems this year, including another critical flaw from only a few weeks back.
Conclude its developers:

We, as the Monero community, should seek means to get more eyes on the code and especially new pull requests.