A Post Mortem of The Burning Bug

(getmonero.org)

28 points | by kushti 2037 days ago

2 comments

  • merlincorey 2037 days ago
    Quite a novel attack originally reported on Reddit.

    Basically, it was possible to use a bug in the wallet software to send multiple outputs to the same stealth wallet, potentially allowing an attacker to cheaply burn a large amount of someone else's tokens, on account of the wallet simply ignoring the issue.

    This has now been fixed. Great work from the Monero team.

    • xrd 2037 days ago
      The article didn't really specify what a stealth wallet is. Can you elaborate? Are there different types of wallets on the Monero network? Is a stealth wallet just a public private key pair derived address that you can somehow use to impersonate another account?
  • olliej 2036 days ago
    Can someone eli5? I couldn’t work out whether this is an attack on exchanges (modifying the client to reuse a key in a way that the exchange doesn’t check for) or something else.

    The repeated use of “organization” made me initially think that this was an attack on a “foundation” (Tor, EFF, Mozilla, etc., that kind of thing), but by the end I felt that it was meaning organization==exchange? If so I assume it would be an attack on exchanges prematurely believing a transaction succeeded? But seriously I’m curious what the actual correct interpretation is :)

    • wmf 2036 days ago
      An attacker could send money that the recipient would think they received but they didn't actually receive it. The attack could be used against anyone but exchanges would be an obviously profitable target.