Confirmed: Ledger Hardware Wallet to Support Monero

Riccardo Spagni, a member of Monero Core Team, confirmed that Monero will be supported in Ledger hardware wallet
12 April 2018   1173

In September of 2017 we have reported about GitHub page from LedgerHQ called blue-app-monero, according to which on Monday, September 4, the process of integration of Monero in Ledger and Blue Ledger Nano S has begun. Now we can certainly say that Monero will be supported in Ledger hardware wallet, as that was confirmed by Riccardo Spagni, a member of Monero Core Team.

...We have to do a bunch of work for it and it becomes painful. We've seen it with Ledger. It has taken a year to get Monero support on Ledger and that's only really coming together now. And it is because of the amount of work and effort that is needed to go into doing that.
 

Riccardo Spagni

Riccardo Spagni was talking about Monero and privacy on Doug Polk Podcast on April 9, 2018. The member of Monero Core Team said that Monero is already on Ledger, and there are some commits being performed to fix a couple of small issues. He stated that the official Ledger support will go live alongside the Monero 0.12.1 release. Moreover, Riccardo Spagni said some words about Trezor support, stating that Trezor team is currently working on it.

I think that Ledger has kind of blazed the way, there is a lot of stuff that Trezor can suck in from that.
 

Riccardo Spagni

What is more, he stated that there is a group in Monero community that is also building a hardware wallet which is based on the Trezor's schematics. We believe that it is great news for Monero community as the privacy coin will be finally officially supported on hardware wallet Ledger.

Monero Team to Kill Coin Burning Bug

A scenario of a hypothetical attack described by one of the participants of Monero's subreddit helped to identify the bug
26 September 2018   476

Developers of the Monero cryptocurrency have eliminated a bug that could allow intruders to "burn" funds in organizations' wallets, while sacrificing only a small amount in the form of transaction commissions. This is reported in the official announcement of the project.

A scenario of a hypothetical attack described by one of the participants of Monero's subreddit allowed to identify the bug.

Practically speaking this bug is exploited as follows. An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange's hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.
 

dEBRUYNE at Get Monero

Monero developers note that this method does not allow the attack organizer to directly receive the XMR coins deposited in this way. However, an attacker can withdraw XMR through bitcoins, and the exchange will remain with 999 non-consumable or "burned" outputs from 1 XMR.

The created fix was privately distributed to exchanges and large merchants, in order not to attract unnecessary attention to the time of elimination of problems. According to the developers, the exploit was not used to perform real attacks.

In early August, because of the critical bug in the code of Monero, which allows to manipulate the amount of transactions, Livecoin suffered losses exceeding $ 1.8 million.