Monero’s community crowdfunding wallet recently fell victim to a security breach, resulting in the loss of its entire balance of 2,675.73 Monero, worth nearly $460,000.
The attack on the privacy coin’s wallet occurred on Sept. 1 but was not revealed until Nov. 2 on GitHub. According to the company, the source of the breach remains unidentified and is still under investigation.
Monero’s developer, Luigi, disclosed that a total of 2,675.73 XMR, valued at approximately $460,000, was stolen during the breach. He clarified that while the community crowdfunding system (CCS) wallet was emptied, the separate hot wallet for payments to contributors was unaffected, retaining a balance of around 244 XMR.
The CCS wallet, established in 2020 to fund community-driven development proposals, was operated from a single Ubuntu system running a Monero node on a Windows 10 Pro laptop.
Luigi’s last transfer from the CCS wallet to the hot wallet occurred on May 10, 2023. Following this, between Sept. 1 and 2, a sequence of nine transactions drained the wallet of its assets.
According to Luigi, he discovered the hack when he logged into the CCS wallet, expecting to find the funds intact. Instead, he encountered a meager balance of 4.6 XMR, contributed by a donor named Lovera.
Despite the limited information released to the public, the developers have expressed their shock at the developments. They are focused on uncovering the breach’s mechanics and assessing the future structure of the CCS.
Ricardo “Fluffypony” Spagni, another developer with access to the wallet’s seed phrase, suggested that the breach could be part of a wider series of attacks occurring since April, potentially involving compromised keys. He raised concerns that other wallets might also be at risk, prompting the company to implement additional security measures.
The cryptocurrency market has faced multiple security breaches by malicious entities, leading to substantial client fund losses. Despite the high amounts, some funds have been reclaimed through tracing, forensics, and sometimes negotiations with the perpetrators.
A community member known as “lazios” speculated on the breach’s potential cause, questioning the security of the private keys for the CCS wallet and suggesting that their storage on an online Ubuntu server could have been the vulnerability that led to the compromise.