Monero mining pools faced active exploitation of a critical consensus vulnerability in P2Pool starting June 15-16, allowing attackers to redirect up to 80-100% of block rewards from unpatched miners to their own wallets. The flaw affected all P2Pool versions prior to v4.16, which was released on June 13 following a developer warning issued three days earlier.
The exploit let an attacker take a single share found by a miner, replicate it as thousands of fraudulent copies, and flood the payout window with them to siphon the majority of mining rewards. The vulnerability impacted P2Pool's Mini and Nano chains first before spreading to the Main chain. Miners operating unpatched nodes essentially had their hashrate redirected toward the attacker's wallet, though XMR already received and stored in wallets was not exposed to this attack.
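A simplified model of the payout-window flooding described above, added here as an illustration and not taken from P2Pool's code or the advisory. The ten-share window, the wallet names, the share ids and the duplicate-id check are all constructed assumptions; the check stands in for whatever validation v4.16 performs, which the article does not describe.

```python
from collections import Counter, deque

WINDOW = 10  # constructed window length; an assumption, not P2Pool's real value


def honest_shares():
    """Ten constructed shares, ids 1..10, alternating between two miners."""
    return [(i, "miner_a" if i % 2 else "miner_b") for i in range(1, 11)]


def flood(copies, source_id=10, wallet="attacker"):
    """Honest shares followed by `copies` replicas of one share's id,
    each crediting the attacker's wallet (model of the described flooding)."""
    return honest_shares() + [(source_id, wallet)] * copies


def payout_fractions(shares, window=WINDOW, reject_duplicates=False):
    """Split one block reward over the last `window` accepted shares.

    shares: (share_id, wallet) tuples in arrival order.
    reject_duplicates: hypothetical check that counts each share id once.
    """
    seen = set()
    accepted = deque(maxlen=window)  # oldest shares fall out when full
    for share_id, wallet in shares:
        if reject_duplicates:
            if share_id in seen:
                continue  # replica of an already counted share: ignore it
            seen.add(share_id)
        accepted.append(wallet)
    counts = Counter(accepted)
    return {w: n / len(accepted) for w, n in counts.items()}


if __name__ == "__main__":
    for copies in (0, 8, 10):
        print(copies, "copies, no check:  ", payout_fractions(flood(copies)))
        print(copies, "copies, with check:",
              payout_fractions(flood(copies), reject_duplicates=True))
```

In this model the attacker's cut grows as replicas push honest shares out of the window, and reaches 100% once the replicas fill it.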
The gap between the initial disclosure on June 10 and the patch release on June 13 gave miners only a narrow window to upgrade, and many failed to update and restart their nodes in time. Those who did upgrade promptly were protected from reward theft, but delayed adopters suffered ongoing losses until remediation. Monero developers published details through GitHub's security advisory system, flagging the issue as consensus-critical.