There's a fine line between "there's nothing to worry about" and "we've discovered a critical bug."
The burning bug sounds like an STI, and works kind of like one too.
What starts off as a good time - getting XMR deposited into a wallet - turns into a nightmare when the recipient is left with an unshakeable case of the burning bug, which functionally takes the form of unspendable funds. It's been observed in the wild as a hypothetical illness, but so far there are no confirmed cases of human transmission.
But rather than wait until there is, Monero developers have gone ahead and vaccinated it out of existence, just to really stretch the analogy to breaking point.
In more literal terms:
- A theoretical burning bug attack was described well over a year ago. It was widely dismissed as being too impractical to be a cause for concern.
- 9 days ago, at the time of writing, someone re-discovered the burning bug, and Reddit user s_c_m_l accidentally worked it into a practical attack with a hypothetical question.
- Monero developers said "actually, yeah" and patched the bug out of existence.
Anatomy of the burning bug
The attack itself hinges on an anomaly in Monero's stealth addresses, in which multiple transactions of the exact same amount will get assigned the same key image. These will functionally mean the transactions are identified by the network as the exact same transactions, which would be interpreted and blocked as an attempted double spend attack. All but one of those transactions will be deemed invalid, and the coins "burnt." Hence the name burning bug.
By itself the attack is just a way for a suitably motivated person to destroy their own money.
The actually quite straightforward twist is what happens when someone carries out the attack after sending the funds to an exchange's wallet and selling the burnt coins. It doesn't actually gain the attacker anything, and in fact comes at a cost, but the cost was relatively low making it a potential attack vector for someone who wants to economically attack an exchange by destroying their money, even at no personal gain.
"Practically speaking this bug is exploited as follows," Monero developer dEBRUYNE explains. "An attacker first generates a random private transaction key. Thereafter, they modify the code to merely use this particular private transaction key, which ensures multiple transactions to the same public address (e.g. an exchange's hot wallet) are sent to the same stealth address."
"Subsequently, they send, say, a thousand transactions of 1 XMR to an exchange. Because the exchange's wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker's action(s) is that the exchange is left with 999 unspendable / burnt outputs of 1 XMR."
"Fortunately, the bug did not affect the protocol and thus the coin supply was not affected."
To roll out the patch as quickly as possible, the developers notified all exchanges they were in contact with and send out an email to those on the Monero mailing list.
"This event is again an effective reminder that cryptocurrency and the corresponding software are still in its infancy and thus quite prone to (critical) bugs," said the Monero announcement.
It seems unfortunate that even though the bug has been known for over a year, it's only recently that someone actually thought about it one step further. The leap from hypothetical useless vulnerability to practical attack was tiny, and seems like it should have been a bit more obvious.
But things are always more obvious in hindsight. Plus, plenty of exchanges have listed Monero over the years, and despite being the ones predominantly at risk, it seems none of them independently discovered it either.