back to article Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

The Monero Project is admitting that one of its wallets was drained by an unknown source in September, losing the equivalent of around $437,000 at today's exchange rate. A Monero Project maintainer who goes by the alias of Luigi announced on November 2 that the project's community crowdfunding system (CCS) wallet was drained …

  1. Altrux

    Oh dear

    All is not well in digital tulip bulb land!

    1. Anonymous Coward
      Anonymous Coward

      Re: Oh dear

      When I was a kid stealing $437,000 would have normally needed a wheel barrow, I remember a local guy being robbed and had lost $125!!!

      We're all so happy that today's world has made so many things easier, originally going out into the countryside to catch something to eat was a big effort with relatively little risk, but after the 13th century we created guns - is this a better world now?

      I'm selecting the anonymous icon after watching V for Vendetta on November 5th, forecasting the future - I love that movie!

      1. Peter2 Silver badge

        Re: Oh dear

        originally going out into the countryside to catch something to eat was a big effort with relatively little risk, but after the 13th century we created guns - is this a better world now?

        I take it that your unaware that the oldest preserved human body is approximately 5000 years old, and the chap died from being shot with an arrow when out in the countryside? This rather argues against the notion that the world was one of peace and civilisation prior to the invention of firearms. Not that anybody with any notion of history would assume it is, but...

        1. Blazde Silver badge

          Re: Oh dear

          So it became a better world for gunsmiths, and a worse one for fletchers? For all the rest of us 'going out into the countryside to catch something to eat' only improved markedly in the mid to late 20th century with the invention of the out-of-town supermarket.

          When I was a kid stealing $437,000 required time, patience and CISI certification. The last being notoriously difficult for North Korean financial planners to acquire

  2. Lee D Silver badge

    Sorry, but why aren't you moving that into an offline wallet on a regular basis?

    I mean, at least every $100,000, even if there's a transaction charge. I'd be doing it every $10,000 or similar. Activate machine with offline wallet, send money to offline wallet, confirm transaction, turn off machine with offline wallet.

    Same way that supermarket cashiers would put notes into a tub and send off to a safe rather than having it all on the shop floor for anyone to rob.

    For rich people, and large companies dealing in money, they appear to be completely naive in how they handle other people's.

    1. Doctor Syntax Silver badge

      Also keep the password offline.

  3. lglethal Silver badge
    Trollface

    A few minor corrections to the article

    Just a few small points, in regards to the article:

    "they're all "reasonably secure" and reputable organizations"

    This is Crypto - there is no such thing as secure or reputable, about anyone or anything involved in that business!

    "Those behind the attack have reportedly netted themselves at least $100 million"

    Unless there is evidence that they have actually managed to convert that into hard currency or actual commodities (like Beanie Babies or Tulips), then no they've netted themselves computer tokens that they hope to sell on to idiots for actual currency. If no one buys those tokens off them, then they have nothing but a collection of 1's and 0's which will not help feed the starving poor of North Korea, or more likely finance some Kim vanity project or nuclear missile program.

    From my reading here and elsewhere, a considerable section of the Norks stolen tokens are sitting in identified wallets, unable to move as they've been effectively frozen or blacklisted. It doesnt help the poor sod who had the token in the first place, but it's not helping the Norks either..

    Crypto - Just say No!

  4. elsergiovolador Silver badge

    True cryptocurrency

    Monero is a true crypto currency unlike things like Bitcoin.

    The reason is that it is not possible to trace coin's transaction history from the chain itself (at least not to my knowledge) and that makes it fungible unlike BTC, where 1 BTC != 1 BTC (nobody wants to touch coins from blacklisted walled, therefore they are worth 0).

    So it will be a test for Monero. If they recover the funds by any other mean than theft's good will, then Monero is toast.

    1. Frank Bitterlich

      Re: True cryptocurrency

      Didn't the article state that they already froze some of the stolen funds with the help of some crypto exchanges? Looks like they aren't completely untraceable...

      1. elsergiovolador Silver badge

        Re: True cryptocurrency

        The linked article says the frozen funds were ETH through BTC.

  5. Howard Sway Silver badge

    they're all "reasonably secure" and reputable organizations.

    Goes to prove that "reasonably secure" is not a sufficient level of security, especially when you entrust it to a 3rd party. As for reputable organizations - can't say I can think of one who would be trusting some combination of crypto wallet and password manager as part of their banking and bookkeeping operations.................

  6. t245t Silver badge
    Facepalm

    What it Bowser and his Koopa Troop

    A Monero Project maintainer who goes by the alias of Luigi announced on November 2 that the project's community crowdfunding system (CCS) wallet was drained of 2,675.73 XMR on September 1.”

    The New York Times recently equated the total power consumed by Bitcoin annually to what’s used by Finland in one year. The fact is that even the most efficient Bitcoin mining operation takes roughly 155,000 kWh to mine one Bitcoin

  7. Mike 137 Silver badge

    Mistargeted message?

    ""This attack is unconscionable, as they've taken funds that a contributor might be relying on to pay their rent or buy food"

    I somehow doubt the perp will actually care.

  8. druck Silver badge
    FAIL

    Pick one

    The question of how Lazarus is breaking into these wallets remains unanswered.

    It's either:-

    1. Crypto bro's can't code for shit.

    Or more likely:-

    2. Wallet emptying is an integral feature of the crypto-scam.

    Either way the Nork's win.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like