Monero (XMR) devs have published a patch to address an error in the blockchain code, which might possible enable substantial currency exchange hacks, by forwarding XMR transactions to a private address intended to exchange with some other cryptocurrency.
This bug was revealed from a Reddit user’s hypothetical question about what will happen when a person sends multiple XMR transactions to a private address with funds being already used. The development team attempted to address the problem, resulting in the discovery of a very critical error.
Monero (XMR) blockchain announced an error occurring when running the code of the private address. So, when multiple XMR transactions are sent to the same private address, just the first one is validated and the rest is deleted as the address is already expired. With this regard, when a user conducted a transaction with 1 XMR to Bitcoin (BTC) for 100 times, the cryptocurrency exchange platform can validate just the first transaction and pay 100 XMR.
Since the cryptocurrency exchange is not aware of this specific problem, the exchange will normally credit the hacker for 1000 XMR (with the amount in Monero team’s example). Then the attacker converts Monero (XMR) to Bitcoin (BTC) to withdraw as BTC. According to Monero (XMR) devs team, “The result of the hacker’s actions is that the exchange house is left with 999 outputs of 1 XMR not consumable/burned.”
As a result of the structure of this Monero (XMR) blockchain bug, the attackers could have drawn assets from cryptocurrency exchange platforms with a limited cost in a limited time, which might possibly result in a catastrophic cryptocurrency market.
The developers called this bug as “burner error” and addressed the situation with a patch inside a new code update.