
A Post Mortem of The Burning Bug - kushti
https://getmonero.org/2018/09/25/a-post-mortum-of-the-burning-bug.html
======
merlincorey
Quite a novel attack originally reported on Reddit.

Basically, it was possible to use a bug in the wallet software to send
multiple outputs to the same stealth wallet, potentially allowing an attacker
to cheaply burn a large amount of someone else's tokens, on account of the
wallet simply ignoring the issue.

This has now been fixed. Great work from the Monero team.

~~~
xrd
The article didn't really specify what a stealth wallet is. Can you elaborate?
Are there different types of wallets on the Monero network? Is a stealth
wallet just a public private key pair derived address that you can somehow use
to impersonate another account?

------
olliej
Can someone eli5? I couldn’t work out whether this is an attack on exchanges
(modifying the client to reuse a key in a way that the exchange doesn’t check
for) or something else.

The repeated use of “organization” made me initially think that this was an
attack on a “foundation” (Tor, EFF, Mozilla, etc., that kind of thing), but by
the end I felt that it was meaning organization==exchange? If so I assume it
would be an attack on exchanges prematurely believing a transaction succeeded?
But seriously I’m curious what the actual correct interpretation is :)

~~~
wmf
An attacker could send money that the recipient would think they received but
they didn't actually receive it. The attack could be used against anyone but
exchanges would be an obviously profitable target.

