The team behind Ryo has shared a potential vulnerability in Monero wallet software. According to a Medium article posted from the official Ryo Cryptocurrency account, the bug could allow hackers to make fake deposits to exchanges.
According to the post, the exploit relies on an “extremely insecure design” in RingCT, which allows the amount shared with the user to differ from the amount checked by the network. In one specific case, where the transaction includes a non-null rct signature, “the attacker can make it appear as if he deposited any sum of his choosing to an exchange”, Ryo writes.
Since the post’s publication, Monero has published a temporary workaround for the exploit, to be followed by an upcoming patch that will include a proper fix for the issue.