Monero May Be Under Attack, Developers Deny

It’s unclear however at this stage what is going on, if anything, but a number of Monero users paint a picture of a network under attack
08 May 2018   1468

Monero could be attacked. This could be possible due to a significant decrease in the computing power of the network, which occurred against the backdrop of hardfork to confront ASIC-miners last month. This is reported by TrustNodes.

There was one fork that reorganized by an astonishing 21 blocks. That means the eventually-thrown-away branch was the longest one for 21 blocks before the “other” branch (which eventually became the winner) overtook it. A 21-block branch is enough to double-spend against basically anybody.

Monero user at Reddit

Monero developer replied to the user.

His reorg is dated yesterday, but it’s a section of blocks from 2.6 days ago, so DEFINITELY a reorg during catch up. Nobody else has seen anything besides a reorg of a single block or two, and has been down for unrelated reasons. Much ado about nothing.

Riccardo Spagni
Developer, Monero

At least 2 messages on the implementation of double-spend attacks appeared on the network.

2 days ago I send first out transaction, but something went wrong and above 24 hours balance was 0. XMR returned, but now I cannot send them.

Monero user at Reddit

 Monero Double Spend Issue
Monero Double Spend Issue

I am struggling to send my balance of XMR to another wallet. I have tried both GUI and CLI and everytime I get an error that suggests I am trying to double spend.

Monero user at Reddit

Developer said these complaints of double spends are “probably because they’re using a remote node or something weird.”

Currently, it's not clear what exactly is happening, but some Monero users continue to claim that the network was attacked.

A lot of weird stuff happened on mainnet in the past 48h… My public node stopped syncing and got corrupted tx-pool. Up to 10 of our pool leaf nodes stopped syncing several times as well.

Monero user at Reddit

Another user reported on miners issues.

My miners and node have been DDoS’d like crazy the past couple weeks… I believe Dwarfpool has been affected, deeply, by this whole shabang. Haven’t gotten a payout in a couple days and hashrate dropped for ‘no reason.

Monero user at Reddit

At present, the information remains unconfirmed. The probability is that the problem, if it really exists, can be caused by configuration problems for individual miners or even by a bug in the fork code that took place last month.

Monero developer Spagni, in turn, claims that he does not observe deep reorganizations of the Monero blockchain, and in response to a request from Trustnodes, he wrote that he was ready to confirm the absence of double spend issue in the cryptocurrency network.

BlackSquid Hidden Miner to Attack US & Thai PCs

The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives; it uses different exploits and vulnerabilities
05 June 2019   277

Trend Micro researchers have discovered a new malware that mines the Monero cryptocurrency on users' devices, reports ZDNet.

Most of all, a new malware miner called BlackSquid is popular in Thailand and the United States. The maleware is distributed through malicious websites, compromised web servers, network drives, and USB drives. BlackSquid uses EternalBlue, DoublePulsar, server vulnerabilities CVE-2014-6287, CVE-2017-12615, CVE-2017-8464 and errors in the ThinkPHP web application.

BlackSquid uses various tricks to keep the program unnoticed. For example, if a program detects that it was running in a virtualization environment, or finds debugging tools, then the malicious functions will not be activated.

Unnoticed, the malware installs the XMRig mining script. The attack does not end there - the program also scans the system for the a video card in order to extract coins more efficiently. After infecting one computer on the network, the virus tries to spread to other systems.