Last week, a bitcointalk hero-level community member by the name of “BitcoinEXpress” announced that he found an Achille’s Heel-like vulnerability in CryptoNote, a highly-sophisticated and secure cryptography technology. BitcoinEXpress said that someone could attack Monero, a cryptocurrency that uses CryptoNote, because of this vulnerability.
In a post, BitcoinEXpress said the following about a vulnerability:
“I have no interest in buying any exploit or any interest in attacking Monero. I am neither for or against, the coin. I do however see a serious flaw inherent to all CN coins with Monero being the focal point. With this exploit expanding into the wild, holding any sum of funds in XMR you cannot lose is foolish.
I can absolutely guarantee you as soon as this exploit is successfully deployed, every single exchange will halt trading and there will a lot of people holding coins they cannot trade anywhere.”
Apparently the supposed vulnerability lies in the claim that a user’s private key exposes itself when it passes through a ring signature. BitcoinEXpress has a habit for claims though, earlier claiming that they would take down Poloniex cryptocurrency exchange with a DDoS attack. A week has passed, and there has been no attack on Monero or any cryptocurrency using CryptoNote.
Still, the Monero price fell due to the threat and fear for the future of the cryptocurrency. The Monero developers also reached out to exchanges allowing XMR pairs, asking them to suspend trading for 24 hours a few days ago, confirming this as a precautionary move in case BitcoinEXpress could exploit any vulnerability.
In response to the CryptoNote threat, Catherine Erwin spoke with BitcoinBarbie.com about the exploit:
“We would like to refute the statement on the potential private key vulnerability. The security of CryptoNote’s technology is based on the infallibility of mathematical functions such as discrete logarithm problem or the Diffie-Hellman problem. The CryptoNote whitepaper and protocol is based on the well-known cryptographic primitives. There are no new cryptographic assumptions which could result in the private keys being exposed to a 3rd party. Moreover, there is nothing new in the one-time ring signatures concept. It corresponds to a well-known scheme called traceable ring sig which is referred to in the list of references of the whitepaper.
“CryptoNote is always watching out for incidents such as the one you have brought to our attention. The CryptoNote technology allows the creation of cryptocurrencies and for the last few years we’ve been working to make CN the most reliable and secure platform.
“However, on this particular occasion we haven’t found any indication of an exploit. We cannot exclude the possibility that certain individuals have been deliberately spreading rumors in order to mislead users that are not well versed in CryptoNote’s technology.”
With BitcoinEXpress making no move on Monero, along with Erwin dispelling any fear that the protocol is vulnerable, it looks like Monero users can rest easy knowing their finances are safe. It does look like BitcoinEXpress may have wanted to spread fear, though, and achieved that goal successfully. With Monero dropping at price, there’s a chance that they could have bought some inexpensive coins upon capitalizing on the hype.
Images from Shutterstock.