Monero seems to be experiencing a bit of a bug problem as on March 4, 2019, the Ledger team warned about the use of the Nano S wallet after user funds were lost. The day before, Monero themselves had warned users about a bug that sends fake deposits to exchanges.
A Glitch in the System
Even though crypto wallets are designed to be as secure as possible, flaws in execution can occur, leaving them vulnerable to attack. Such as in the case of the Trezor wallet, which was previously revealed to have some vulnerabilities.
The latest wallet to show similar flaws is the Nano S Monero app after the Ledger developer team warned users via Reddit not to make use of it on March 4, 2019.
The first warning about the wallet was raised when a Reddit user by the name MoneroDontCheeseMe revealed how 1,680 XMR was lost from their wallet; the user says that they made several transfers of 0.000001, 10, 200 and then 141.9 XMR from the wallet to a view-only wallet. Before the final transation took place, 1,680 XMR was in the wallet and 141.95 XMR was in an unlocked balance. After the transaction was completed, however, the balance in the wallet was zero.
Furthermore, MoneroDontCheeseMe says that there were several discrepancies in the amounts sent and the amounts recorded on the blockchain.
The chief technical officer at Ledger responded to the post and said that the matter was likely a synchronization issue, but that it would be looked into. A few hours later, however, the Ledger team posted a warning for users regarding the wallet.
While the issues regarding the wallet are still unresolved, Monero has issued its own warning to users about a wallet bug that could cause unauthorized deposits to crypto exchanges, which is very crucial considering the attacks that have taken place against exchanges this year alone. This was revealed in a post by the official Ryo account.
The post explains that an email was sent to the Monero-announce mailing list, warning about a vulnerability; the issue is characterized by the mishandling of outputs in coinbase transactions which means that an attacker could fake the deposit of XMR to an exchange. The email also included a workaround that would ensure that the vulnerability isn’t exploitable.
It also seems that the vulnerability has been fixed as Monero’s twitter account announced that the fix is awaiting review and will soon be released.