A vulnerability report posted last Wednesday on the HackerOne bug bounty platform reveals that code from Monero's cryptocurrency wallet contained a critical flaw that attackers could exploit to steal directly from digital coin exchanges.
Apparently, that's exactly what happened to Altex.exchange, which recently suffered major losses after attackers capitalised on the bug to pilfer ArQmA (ARQ) coins, which are forked from Monero (XMR).
Discovered by researcher Jason Rhinelander and subsequently patched in the current Monero release, the bug is described in the report as a business logic error in the wallet balance display that also impacts transfers on actual exchanges. In essence, whenever one XMR coin is moved to an exchange with a duplicated transactional public key (tx pub key), the bug mistakenly counts that coin twice, doubling the deposit.
Consequently, the attackers were able to initiate transfers in which they gained double their initial coin holdings by intentionally double-signing transactions with the tx pub key.
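The double count described above can be modelled in a few lines. This is an added illustration, not Monero's wallet code: the `Tx` structure, the function names and the hash-based `output_tag` (a toy stand-in for the real key derivation) are all assumptions. It sets the flawed accounting beside a version that credits each output once, plus a check an exchange could run on incoming deposits.

```python
import hashlib
from dataclasses import dataclass

def output_tag(tx_pub_key: str, view_secret: str, index: int) -> str:
    # Toy stand-in for the real derivation that ties an output to its recipient.
    data = f"{tx_pub_key}|{view_secret}|{index}".encode()
    return hashlib.sha256(data).hexdigest()

@dataclass
class Tx:
    tx_pub_keys: list  # every tx pub key carried by the transaction, in order
    outputs: list      # (amount, tag) pairs

def scan_naive(tx: Tx, view_secret: str) -> int:
    """Flawed accounting: an output is credited once per matching key entry."""
    received = 0
    for key in tx.tx_pub_keys:
        for i, (amount, tag) in enumerate(tx.outputs):
            if tag == output_tag(key, view_secret, i):
                received += amount
    return received

def scan_hardened(tx: Tx, view_secret: str) -> int:
    """Credits each output index at most once, whatever the key list holds."""
    credited = set()
    received = 0
    for key in dict.fromkeys(tx.tx_pub_keys):  # drop repeats, keep order
        for i, (amount, tag) in enumerate(tx.outputs):
            if i not in credited and tag == output_tag(key, view_secret, i):
                credited.add(i)
                received += amount
    return received

def has_duplicate_keys(tx: Tx) -> bool:
    """Deposit-side check: flag a transaction that repeats a tx pub key."""
    return len(set(tx.tx_pub_keys)) != len(tx.tx_pub_keys)

# Constructed sample data (not real keys or transactions).
VIEW = "exchange-view-secret"
KEY = "R1"
normal = Tx([KEY], [(5, output_tag(KEY, VIEW, 0)), (3, "someone-else")])
duplicated = Tx([KEY, KEY], normal.outputs)

if __name__ == "__main__":
    for name, tx in (("normal", normal), ("duplicated", duplicated)):
        print(name, scan_naive(tx, VIEW), scan_hardened(tx, VIEW),
              has_duplicate_keys(tx))
```

A deposit flagged by `has_duplicate_keys`, or one where the two scans disagree, is a candidate for holding before the balance is credited.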
"An attacker could exploit this repeatedly to siphon...all of the exchange's balance," Rhinelander stated in his report, adding that such an attack "was carried out against ArQmA on altex.exchange; 4 different wallets managed to steal the entire ARQ exchange deposits before the ARQ wallet was put into maintenance."
In early July, Altex.exchange acknowledged the existence of a double-counting vulnerability affecting Monero-based coins in both a tweet and a Medium post, assuring readers at the time that "a solution was discovered that could be quickly implemented to correct this bug before it could be exploited," adding "no ArQmA coins or wallets have been affected."
However, in an extended tweet on 30 July Altex.exchange acknowledges that a double-counting bug did result in a major financial loss.
"We have been experiencing issues with two of our listed coins (they were still affected by the double counting bug recently found in the Monero codebase, even after updating the software)," the statement reads. "That bug caused a big loss in coins for the exchange and we have put our main currency under maintenance so the people who exploited the bug can no longer withdraw. After a really long investigation we found out that we still lost a big amount. This was caused by the coins software, it was not a bug in our system. We already contacted the developers and we are trying to find a way to solve this."
Five additional Monero bugs were published via HackerOne on 1 August, including two high-severity issues also involving business logic errors in how transfers are recorded using tx pub keys. The first is described by bug hunter moneromooo as a "misreporting of received amount by show_transfers" -- a vulnerability that could have allowed attackers to generate false reports, which they then could have used to trick support employees into crediting them back coins they never actually lost.
The other high-severity issue is described by researcher Scott Mansell as a bug that allows attackers to "craft an XMR transaction which causes the receiving wallet to report that it received twice as much XMR as the attacker actually sent... By depositing and withdrawing the same coins, doubling each time, the attacker could eventually steal all XMR from an exchange hotwallet."