CryptoNote Currency Bug Allowed Creation of Unlimited Number of Coins

By
Francisco Memoria @FranciscoMemor
May 28, 2017

Recently, the team behind Monero (XMR), the anonymous cryptocurrency that saw its price surge after darknet market AlphaBay started accepting it as a payment method, discovered a bug in CryptoNote-based currencies that allowed double-spending, meaning an infinite amount of coins could be created.

Thanks to the exploit, the coins were created in an undetectable way, unless the observer knew about the flaw and was able to search for it using specific code. Monero’s team quickly patched the bug as soon as it was discovered and stated that the anonymous currency’s blockchain wasn’t affected. The disclosure reads:

We patched it quite some time ago, and confirmed that the Monero blockchain had NEVER been exploited using this, but until the hard fork that we had a few weeks ago we were unsure as to whether or not the entire network had updated.

After a complete network update, Monero’s team notified all affected CryptoNote-based cryptocurrencies that they had until mid-May to patch the vulnerability. These include Boolberry, Bytecoin, DigitalNote, and DashCoin. (note that DashCoin and Dash are different currencies).

At the time of the initial disclosure, Monero, Aeon, Forknote and Boolberry had already patched the bug. DashCoin, DigitalNote and Bytecoin had not, although now that the vulnerability was made public the developers of these currencies have reportedly fixed the problem.

693 Million Bytecoin Tokens Were Artificially Created

Even though Monero’s blockchain wasn’t affected by the vulnerability, Bytecoin’s was. Bytecoin, the first cryptocurrency to successfully implement CryptoNote, is an anonymous cryptocurrency that has recently seen a significant price surge. It is currently behind Monero when it comes to market cap, making it the 10th biggest cryptocurrency, according to data from CoinMarketCap.

As recently reported by CryptoCoinsNews, the currency’s recent growth in market cap value wasn’t organic, as Bytecoin hadn’t seen a lot of action for years prior to the surge. 151 billion Bytecoin tokens – 82% of its total – were mined by unknown actors before the public was aware of it, which is an essential aspect of why it hasn’t been a very active currency. Recently, within a two-month period, however, Bytecoin’s market cap increased from $10 million to over $300 million.

 

According to Bytecoin’s website, the team behind the cryptocurrency found the vulnerability back in April when erroneous transactions appeared on the network. Nevertheless, over 693 million coins (worth over $1.3 million), totaling 0,37% of Bytecoin’s tokens, were created as a result of the bug.

DigitalNote, another affected currency that has already patched the bug, has also seen a significant price increase recently, as its market cap increased from around $740,000 to over $3 million in a two-month period.

 

Featured image from Shutterstock.

Last modified (UTC): May 28, 2017 19:21

Show comments