The attacker attacked the Monero community's crowdfunding wallet, withdrawing the entire balance of 2675.73 XMR (~$452,200 at the time of writing).
The incident occurred on September 1, but the developer under the pseudonym luigi1111 told about it only on November 2 in a thread on GitHub. According to him, the reason for the exploit has not yet been established.
He clarified that the project's hot wallet, which contains about 244 XMR, remains secure.
"This attack is unconscionable, because they seized funds that people could count on to pay rent or buy food," said another developer, Ricardo Spagni, under the nickname Fluffypony.
The Monero community crowdfunding system finances community members ' proposals for ecosystem development. The fund's address was set up in the Ubuntu system in 2020 along with the blockchain node.
According to the report, only luigi1111 and Fluffypony had access to it. The team used a desktop hot wallet to make payments.
"It is quite possible that this is due to the ongoing attacks that we have seen since April, as they involve a lot of compromised keys (including Bitcoin wallet.dat, seed phrases generated with all sorts of hardware and software, pre-sale Ethereum wallets, etc.)," Spagni suggested.
According to other developers, the hack could have occurred due to the fact that the wallet keys were available online on the Ubuntu server.
The Monero team called on the "Core Fund" to cover all costs from the incident.
The incident occurred on September 1, but the developer under the pseudonym luigi1111 told about it only on November 2 in a thread on GitHub. According to him, the reason for the exploit has not yet been established.
He clarified that the project's hot wallet, which contains about 244 XMR, remains secure.
"This attack is unconscionable, because they seized funds that people could count on to pay rent or buy food," said another developer, Ricardo Spagni, under the nickname Fluffypony.
The Monero community crowdfunding system finances community members ' proposals for ecosystem development. The fund's address was set up in the Ubuntu system in 2020 along with the blockchain node.
According to the report, only luigi1111 and Fluffypony had access to it. The team used a desktop hot wallet to make payments.
"It is quite possible that this is due to the ongoing attacks that we have seen since April, as they involve a lot of compromised keys (including Bitcoin wallet.dat, seed phrases generated with all sorts of hardware and software, pre-sale Ethereum wallets, etc.)," Spagni suggested.
According to other developers, the hack could have occurred due to the fact that the wallet keys were available online on the Ubuntu server.
The Monero team called on the "Core Fund" to cover all costs from the incident.
