Monero (XMR) devs have released a patch to resolve an error in the blockchain code that could have allowed massive currency exchange hacks, by sending multiple XMR transactions to a stealth address generated for exchange with another cryptocurrency.
The code error was discovered thanks to a hypothetical question from a Reddit user, who asked what would happen if a person sent multiple XMR transactions to a stealth address whose funds were already used. A problem that tried to be answered by the development team, but which ended with the discovery of a much more dangerous error.
Monero (XMR) blockchain presented an error when executing the code of the stealth addresses. Accordingly, if several XMR transactions were sent to the same stealth address, only the first one was validated, while the rest were erased because the address expired already. In this sense, if a user executed 100 times a transaction of 1 XMR to be exchanged for Bitcoin (BTC), the cryptocurrency exchange platform could only validate the first transaction, while it would pay the equivalent of 100 XMR.
Monero (XMR) team fixed a bug on the blockchain that could have affected cryptocurrency exchange platforms
Because a cryptocurrency exchange does not notice this particular anomaly, the exchange will, as usual, credit the attacker with 1000 XMR [amount stated in the example that Monero team cited]. The attacker then changes his Monero (XMR) to Bitcoin (BTC) and finally withdraws this BTC. The result of the hacker’s actions is that the exchange house is left with 999 outputs of 1 XMR not consumable/burned,” said the Monero (XMR) devs team.
Due to the nature of this bug on the Monero (XMR) blockchain, hackers could have pulled off mass robberies from cryptocurrency exchange platforms at a meager cost and in a matter of seconds, characteristics that would have caused a catastrophe in the cryptocurrencies market.
The bug, which was named by the developers as “burner error” was identified and corrected immediately using a patch that is incorporated in a new update of the code.