Starbucks' Wi-Fi used customers' laptops to mine Monero

According to the representative of Starbucks, issue is solved and they "want to ensure that our customers are able to search the internet over Wi-Fi securely"
18 December 2017   4889

Coffeeshop Starbucks from capital of Argentina used Coinhive script to mine Monero on customer's laptops thru Wi-Fi. Customers weren't warned. This is reported byt the CCN.

The head of a technology company from New York, Noah Dinkin, drew attention to the problem. The expert noticed a ten-second delay when connecting to a Starbucks coffee shop in Buenos Aires. It turned out that at this time the network provider used the power of the devices for Monero's mining.

In a few days coffeeshop responeded. Company reported that issue was resolved.

Motherboard talked to Starbucks' spokesperson regarding the issue.

Last week, we were alerted to the issue and we reached out to our internet service provider—the Wi-Fi is not run by Starbucks, it's not something we own or control. We want to ensure that our customers are able to search the internet over Wi-Fi securely, so we will always work closely with our service provider when something like this comes up.
 

Reggie Borges 

Spokesperson, Starbucks

In next tweets, Dinkin revealed that the code was found in three separate Starbucks locations over multiple days, and that the internet service’s Terms of Service (TOS) didn’t mention the Monero mining code.

Monero Team to Kill Coin Burning Bug

A scenario of a hypothetical attack described by one of the participants of Monero's subreddit helped to identify the bug
26 September 2018   484

Developers of the Monero cryptocurrency have eliminated a bug that could allow intruders to "burn" funds in organizations' wallets, while sacrificing only a small amount in the form of transaction commissions. This is reported in the official announcement of the project.

A scenario of a hypothetical attack described by one of the participants of Monero's subreddit allowed to identify the bug.

Practically speaking this bug is exploited as follows. An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange's hot wallet) are sent to the same stealth address. Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR.
 

dEBRUYNE at Get Monero

Monero developers note that this method does not allow the attack organizer to directly receive the XMR coins deposited in this way. However, an attacker can withdraw XMR through bitcoins, and the exchange will remain with 999 non-consumable or "burned" outputs from 1 XMR.

The created fix was privately distributed to exchanges and large merchants, in order not to attract unnecessary attention to the time of elimination of problems. According to the developers, the exploit was not used to perform real attacks.

In early August, because of the critical bug in the code of Monero, which allows to manipulate the amount of transactions, Livecoin suffered losses exceeding $ 1.8 million.