The Monero project has acknowledged that one of its wallets was drained by an unknown attacker in September, losing funds worth approximately $437,000 at today's exchange rate.
A Monero project maintainer who goes by the alias Luigi announced on November 2 that 2,675.73 XMR had been stolen from the project's Community Crowdfunding System (CCS) wallet on September 1.
Monero's team is still trying to determine how the breach occurred, but said it may be related to the wave of wallet-draining attacks that has hit the wider cryptocurrency community since April.
The funds were moved out in nine separate transactions within a matter of minutes.
The project's other wallets were not affected, including the General Fund, which is used to support project development and to make occasional contributions to key community initiatives such as conferences and research.
The project's administrators are “taking additional precautions” to secure Monero's other wallets, such as enabling multisignature (multisig) control, so that any given transaction must be signed by more than one individual before it can be spent.
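The multisig precaution above is the standard answer to a single leaked key: no one signer can move funds alone. As an added illustration (not code from the Monero project, whose multisig is a separate ring-signature-based protocol), here is a constructed M-of-N authorization check in Go using Ed25519 from the standard library. A transfer is released only when at least M distinct cosigners have signed its digest, and a second signature from the same leaked key does not count twice. The `Policy`, `Transfer` and `Signature` types, the key generation and the sample transfer are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Policy is an illustrative M-of-N signing policy (constructed for this
// example; not Monero's multisig): a transfer is authorized only if at least
// Threshold distinct cosigners from Cosigners have signed it.
type Policy struct {
	Threshold int
	Cosigners []ed25519.PublicKey
}

// Transfer is the payload every cosigner signs: an amount in atomic units and
// a destination address. All parties sign the same digest of these fields.
type Transfer struct {
	Amount uint64
	Dest   string
}

// digest binds amount and destination into one 32-byte message so a signature
// over one transfer cannot be replayed against a different one.
func (t Transfer) digest() []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d|%s", t.Amount, t.Dest)))
	return h[:]
}

// Signature pairs a cosigner index with that cosigner's Ed25519 signature.
type Signature struct {
	Signer int
	Sig    []byte
}

// Authorize returns true only if at least Threshold *distinct* cosigners
// produced valid signatures over this transfer. A signature is counted once
// per cosigner, so one compromised key cannot satisfy a 2-of-3 policy by
// signing twice, and a signature attributed to the wrong index is rejected.
func (p Policy) Authorize(t Transfer, sigs []Signature) bool {
	if p.Threshold < 1 || p.Threshold > len(p.Cosigners) {
		return false
	}
	msg := t.digest()
	seen := make(map[int]bool)
	for _, s := range sigs {
		if s.Signer < 0 || s.Signer >= len(p.Cosigners) || seen[s.Signer] {
			continue
		}
		if ed25519.Verify(p.Cosigners[s.Signer], msg, s.Sig) {
			seen[s.Signer] = true
		}
	}
	return len(seen) >= p.Threshold
}

// Sign produces cosigner `signer`'s signature over the transfer digest.
func Sign(priv ed25519.PrivateKey, signer int, t Transfer) Signature {
	return Signature{Signer: signer, Sig: ed25519.Sign(priv, t.digest())}
}

// NewPolicy generates n fresh cosigner keypairs (constructed for the demo) and
// returns the m-of-n policy plus the private keys. In practice each private
// key would be held by a different person on a different machine.
func NewPolicy(m, n int) (Policy, []ed25519.PrivateKey, error) {
	pubs := make([]ed25519.PublicKey, n)
	privs := make([]ed25519.PrivateKey, n)
	for i := 0; i < n; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return Policy{}, nil, err
		}
		pubs[i], privs[i] = pub, priv
	}
	return Policy{Threshold: m, Cosigners: pubs}, privs, nil
}

func main() {
	policy, keys, err := NewPolicy(2, 3)
	if err != nil {
		panic(err)
	}
	// Constructed sample transfer; the amount is in arbitrary atomic units.
	tx := Transfer{Amount: 1_000_000, Dest: "constructed-destination-address"}

	one := []Signature{Sign(keys[0], 0, tx)}
	two := []Signature{Sign(keys[0], 0, tx), Sign(keys[2], 2, tx)}
	fmt.Println("one signer authorized:", policy.Authorize(tx, one)) // false
	fmt.Println("two signers authorized:", policy.Authorize(tx, two)) // true
}
```

The check is deliberately strict about identity: it verifies each signature against the public key at the claimed index, so an attacker holding one key cannot pad the signature list to reach the threshold. Real wallet multisig additionally has to solve key distribution and coordination between signers, which this sketch leaves out.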
“It's possible that the attackers are unaware of what they stole, in which case we ask that you consider it to be theft of funds donated by individuals to specific Monero contributors working on something,” another maintainer said.
“This attack is unjust as it has taken away funds that donors may have relied on to pay rent or buy food. We urge you to take corrective action once you are made aware of this.”
More widespread financial attacks
Atomic Wallet was hit earlier this year by an attack that drained funds from more than 5,000 cryptocurrency wallets; how the attackers got in has still not been explained.
According to blockchain analytics firm Elliptic, those behind the attack made off with at least $100 million. Ten victims lost more than $1 million each, while the average loss per wallet was about $2,800.
Elliptic attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across multiple heists.
How did they get in?
The question of how Lazarus got into these wallets remains unanswered. After the attack, Atomic Wallet contacted victims and gathered information about their configurations in an effort to pinpoint the source of the intrusion, but it has not made the findings public.
In October, Atomic Wallet said it had worked with a major crypto exchange to freeze $2 million in stolen funds connected to the incident. The company has not released details of the ongoing investigation into the thefts, which is being supported by blockchain forensics firms Chainalysis and Crystal.
Taylor Monahan, a lead product manager at MetaMask, a cryptocurrency wallet software company, who tracks wallet-draining attacks, said the victim profiles were “most impressive”: the victims were all “fairly secure” and came from reputable organisations.
A wide variety of cryptocurrencies and blockchains were targeted, including Bitcoin, Monero and Ethereum, and wallets protected by both 12-word and 24-word seed phrases were compromised.
Monahan noted that most of the victims were high-profile people and that large sums were taken in each wallet theft, suggesting the attacks were targeted rather than opportunistic.
Responding to community speculation that the LastPass breach may have been the source of the seed phrases for the drained wallets, she said she was “confident” the seeds had been stolen from the password manager.
“The number of victims who only leaked a specific group of seeds/keys that were stored in LastPass is too large to ignore,” Monahan wrote.
“To date, LastPass has not provided any useful indicators of compromise or information that could lead to attribution (IP, UA, etc.).
“Furthermore, most of the users whose wallets had funds stolen used extremely secure LastPass passwords, which would be practically impossible to crack via brute force attack. This means that either someone has compromised hundreds of users' vaults one by one in a way that has yet to be detected, or LastPass has yet to release important details about its security posture and what was compromised by the attackers.”
“I strongly emphasize that LastPass can and should do more in this regard. They are a terrible, terrible company.”
The theory that the LastPass breach is behind these attacks is also supported by an independent blockchain researcher known by the alias ZachXBT.
On October 25 alone, more than 25 victims had their wallets emptied and a total of $4.4 million stolen, ZachXBT reported, describing the incident as “the result of a LastPass hack.”
Karim Toubba, CEO of LastPass, said there is currently no evidence linking the company's data breach to the ongoing fund-stealing attacks.
“The work researchers are doing to uncover cryptocurrency thefts is important,” he said. “Since the first claims emerged linking the 2022 LastPass security incident to cryptocurrency thefts, we have been in contact with the researchers and urged them to investigate these claims.”
“To date, there is no evidence directly linking these incidents to LastPass. Security researchers with evidence are asked to contact the LastPass Threat Intelligence team at securitydisclosure@lastpass.com.”
These wallet-draining attacks began in April, but how the attackers are obtaining victims' keys remains unclear.