Monero’s CCS Wallet Was Exploited, Attacker Drains $460,000 in Nine Transactions
Moneros CCS wallet was exploited on September 1, 2023, as revealed by the decentralized community-driven project.
It has been reported that the attacker drained the wallet through nine transactions, depleting its entire balance of 2,675.73 XMR, which is valued at approximately $460,000. Chinese
cryptocurrency
reporter Colin Wu, known for his X page, Wu Blockchain, provided insights into the Monero CCS hack, which is still surrounded by mystery.Wu also highlighted the theory by blockchain security firm SlowMist, which suggests a “loophole in the Monero privacy model” as the source of vulnerability. Moneros disclosure revealed that the CCS, funded by donations, held a total balance of 2675.73 XMR until September 1. It was not until November that Monero developer Luigi noticed the complete theft of the wallet holdings.
Moneros CCS Wallet Was Exploited By Hacker Traced to Monerujo Wallet with PocketChange Feature Enabled
Moonstone Research meticulously tracked the attacker‘s transactions and concluded that the exploiter was likely a user of the Monerujo wallet with the PocketChange feature enabled. Monerujo, an Android-based non-custodial Monero wallet, offers PocketChange to address Monero’s limitations by dividing funds into multiple “pockets” or “notes.”
According to Monerujos explanation, enabling PocketChange splits a larger coin into smaller parts and spreads them into 10 different pockets. This prevents the coins from merging again, allowing instant spending from all pockets without waiting the typical 20 minutes. Moonstone Research, through four Crescent Discovery Reports, identified that the attacker generated 11 output enotes, which deviates from typical transactions. Confirming their analysis, Moonstone Research stated, “We believe this is the most likely scenario, regardless of whether the attacker was using Monerujo version 3.3.7 or 3.3.8.”
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
Slowmist Releases October Web3 Security Incident Report
TEAMZ Web3・AI Summit 2025: Bringing Global Leaders to Tokyo
Russia Establishes Legal Framework and Standards for Crypto Mining
Japan’s Crypto Industry to Launch “Self-Regulation” of Stablecoins
0.00