Monero's official fundraising (CCS) wallet drained of 2675.73 XMR
by
PrivacyIsImportant
on 03/11/2023, 14:45:25 UTC
Monero's official Community Crowdfunding System (CCS) wallet was drained of 2675.73 XMR and their team is still unable to find a root cause.

There is an ongoing discussion in their official Github repository:

https://github.com/monero-project/meta/issues/916 [CCS Wallet Incident #916]

The community suggests it happened due to bad operational and informational security practices of the team that had access to the wallet.

Quote
Timeline:

  • April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email -- fluffypony and Luigi are the only parties with known access to the CCS seed.
  • 2020-2023: (Luigi's side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed.
  • August 3, 2021: shortly after fluffypony's arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest
  • (a few weeks/months later) fluffypony's arrest is determined not crypto-related; reverted to previous behavior of large CCS balance, small hot wallet balance
  • May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet
  • September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions (wallet was then empty)
  • September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required)
  • September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2
  • September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation.
  • September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts -- unfortunately, to date, no evidence of breach has been identified

Open questions:

  • How do we achieve CCS continuity for existing contributors? Core team is in favor of covering existing liabilities from the General Fund.
  • How do we structure the CCS going forward?
  • How did the breach occur?