Ryo shares a bug in Monero software; fix is already awaiting review

The team behind Ryo has shared a potential vulnerability in Monero wallet software. According to a Medium article posted from the official Ryo Cryptocurrency account, the bug could allow hackers to make fake deposits to exchanges.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

As shared in the post, the exploit uses an “extremely insecure design” in RingCT, which allows for the amount shared with the user to be different from the amount checked by the network. In one specific case, where the transaction includes a non-null rct signature, “the attacker can make it appear as if he deposited any sum of his choosing to an exchange”, Ryo writes.

Since the post’s publication, Monero has published a temporary workaround for the exploit, followed by an upcoming patch which will include a proper fix for the issue.