Monero [XMR] bugs explained by its lead developer, Riccardo Spagni

On an episode of The Magical Crypto Friends, a monthly show featuring WhalePanda, Charlie Lee, Riccardo Spagni and Samson Mow, the Lead Developer of Monero [XMR], Riccardo Spagni spoke about the Kryptonite bug, the DoS attacks, and the Monero Burning Bug.

Spagni also spoke about the steps taken by the Monero community in order to address the problem without leaving a chance for independent discovery of the critical bug. He stated that this would further enable attackers to take advantage of the vulnerability and allow Monero clones to attack each other.

He went on to talk about the Kryptonite bug which they found last year. An excessive amount of time allowed them to execute a sound plan where the community waited for the Monero hardfork, ensuring that the entire network was upgraded. He added:

“We were then able to go to all the Kryptonite points, the major ones and say look this is something that we found and we patched it and so a piece can you patch and we’re gonna go public with this in two weeks”

He also spoke about the recent bugs of Monero where they witnessed two Denial of Service attacks and the Monero Burning bug attack. According to him, the Burning bug attack used some form of “social engineering” in order to get an exchange to burn some of their coins and in turn make them unspendable. He further stated:

“That was a little more tricky because of the need to deploy an upgrade within a short time and we didn’t really have a lot of scope for finding or contacting users to upgrade, plus I think the landscape shifted a bit and the burning bug stuff primarily affected Monero folks and not folks of Krypton hood”

Riccardo further stated that the bug would allow attackers to take Monero and deposit them in an exchange, it would further be traded and the money would be withdrawn. This money would be deposited into another exchange in return for Monero. He added:

“The Monero is then deposited onto the exchange again with a duplicate output and then trade it and withdraw it and sort of through this process the exchange would end up with a bunch of Monero that they’ve legitimately received but that they can’t spend”