According to reports, until March 2019 XMR miners were able to craft blocks that could have forced Monero wallets to accept fake deposits for an XMR amount of the intruder's choosing.
Research also revealed that this could have been exploited to steal from cryptocurrency exchanges. As a reward for improving the safety of the cryptocurrency, the researchers were awarded 45 XMR, equivalent to about $3,900. Five denial-of-service (DoS) attack vectors were also disclosed, with one of them tagged as “critical”.
CryptoNote susceptibility Monero version 0.14.1.0
In addition, a CryptoNote-specific vulnerability was found. It allowed fraudsters to take down nodes in the cryptocurrency’s network using malicious data requests. A number of projects built on CryptoNote are also believed to be susceptible to this vulnerability.
The researcher who found the bug, Andrey Sabelnikov, mentioned that a renowned blockchain like Monero could have been targeted with an attacker's protocol request that calls for all of the blocks from another node, which could be hundreds of thousands of blocks. Preparing such a response could require a lot of resources, and the OS would eventually kill the process due to the huge memory consumption, which is a downside of Linux systems. Monero version 0.14.1.0 was also released.
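The resource-exhaustion pattern Sabelnikov describes, as an added example that is not from the original article or from Monero's code base: a handler that builds whatever response the peer asks for, beside one that caps the request size and the response bytes. All names and limits are hypothetical, and the caps illustrate a generic mitigation, not Monero's actual fix.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Added illustration with hypothetical names; not Monero's code or wire protocol.
struct Limits {
    std::size_t max_ids;    // most block indexes one request may name
    std::size_t max_bytes;  // most payload bytes one response may hold
};

enum class Verdict { Ok, Truncated, Rejected };

struct Response {
    Verdict verdict = Verdict::Ok;
    std::vector<std::string> blocks;
    std::size_t bytes = 0;
};

// Constructed sample chain: `count` serialized blocks of `size` bytes each.
std::vector<std::string> make_chain(std::size_t count, std::size_t size) {
    return std::vector<std::string>(count, std::string(size, 'b'));
}

// Unbounded handler: the requesting peer decides how much memory the node allocates.
Response serve_unbounded(const std::vector<std::string>& chain,
                         const std::vector<std::uint64_t>& wanted) {
    Response r;
    for (std::uint64_t i : wanted) {
        if (i >= chain.size()) continue;  // unknown index, skip
        r.blocks.push_back(chain[i]);
        r.bytes += chain[i].size();
    }
    return r;
}

// Bounded handler: refuse oversized requests before any work, then stop at a byte budget.
Response serve_bounded(const std::vector<std::string>& chain,
                       const std::vector<std::uint64_t>& wanted, const Limits& lim) {
    Response r;
    if (wanted.size() > lim.max_ids) { r.verdict = Verdict::Rejected; return r; }
    for (std::uint64_t i : wanted) {
        if (i >= chain.size()) continue;
        if (r.bytes + chain[i].size() > lim.max_bytes) {
            r.verdict = Verdict::Truncated;  // peer must ask again for the rest
            break;
        }
        r.blocks.push_back(chain[i]);
        r.bytes += chain[i].size();
    }
    return r;
}
```

With the bounded handler, the worst-case allocation per request is fixed by the node's own limits rather than by the length of the chain.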
Based on reports, eight of the vulnerabilities have been fixed, but one remains undisclosed while developers resolve it. Thus far, none of the disclosed vulnerabilities has been exploited. Towards the end of last year, Monero developers fixed a major bug that could have allowed attackers to double spend and destroy XMR.
In an attempt to reduce the trend, Monero (XMR) has created a workgroup to fight back against it.