Following a rather hectic disclosure process, an exchange-deposit bug found in the official Monero wallet has been patched and revealed to the public. Monero developers quickly fixed the vulnerability after one bugfinder went rogue and leaked the issue on Sunday. A patch has now been released, and the problem is under control—just in time for a second bug to arise.
First Bug Affects Exchanges
The first bug affects exchanges and other similar services, meaning that users do not need to worry. Lead developer Riccardo Spagni has also commented that the bug does not affect the Monero blockchain at all: “This is not a consensus bug, there is no double spend, it does not allow coins to be created out of thin air.”
Instead, the bug affects services that receive Monero deposits. Basically, transaction amounts are represented in two different ways, and prior to the patch, an attacker would have been able to misrepresent a deposit’s true value. The original bug concerned Coinbase, but other exchanges like Kraken have also…