Recently, the Monero community crowdfunding wallet fell victim to a security breach that resulted in the loss of all 2,675.73 Monero balances (worth approximately $460,000).
The attack on Privacy Coin's wallet occurred on September 1st, but was not disclosed on GitHub until November 2nd. The company said the cause of the breach has not yet been determined and is currently under investigation.
Luigi, the Monero developer, revealed that a total of 2,675.73 XMR, worth approximately $460,000, was stolen during the breach. He revealed that while the Community Crowdfunding System (CCS) wallet was emptied, a separate hot wallet for donor payments was unaffected and maintained a balance of approximately 244XMR.
Founded in 2020 to fund community-driven development proposals, CCS Wallet was operated from a single Ubuntu system running a Monero node on a Windows 10 Pro laptop.
Luigi's last transfer from CCS wallet to hot wallet was made on May 10, 2023. This was followed by a series of his nine transactions between September 1st and September 2nd, which completed the complete erasure of the assets from his wallet.
Luigi said he discovered the hack when he logged into his CCS wallet expecting his funds to be intact. Instead, he came across a meager balance of his 4.6 XMR donated by a donor named Lovera.
Despite the limited information released to the public, developers have expressed shock at this development. They focus on elucidating the mechanisms of compromise and assessing the future structure of CCS.
Ricardo “Fluffypony” Spagni, another developer with access to the wallet's seed phrase, said the breach may be part of a broader series of attacks that have occurred since April and that the compromised keys were involved. suggested that it might be. He expressed concern that other wallets may also be at risk and urged the company to take additional security measures.
Community members are shocked but hopeful
The cryptocurrency market is facing multiple security breaches by malicious organizations, resulting in huge losses to clients' funds. Despite the large amount, some funds were recovered through tracing, forensic investigations, and in some cases negotiations with the perpetrators.
The Monero community regrets this theft. However, we value developer transparency and will continue to support our developers.
A community member known as “lazios” questioned the security of the CCS wallet's private keys and suggested that storage on online Ubuntu servers may have been the vulnerability that led to the breach. I speculated about the cause.
