Live News
CRITICAL
Trending 92%
Breaking News

Critical Monero P2Pool Vulnerability Exploited; Miners Lose Rewards to Hackers

Monero P2Pool exploited for critical vulnerability allowing attackers to redirect up to 80-100% of block rewards from unpatched miners.

Telegram

Monero mining pools faced active exploitation of a critical consensus vulnerability in P2Pool starting June 15-16, allowing attackers to redirect up to 80-100% of block rewards from unpatched miners to their own wallets. The flaw affected all P2Pool versions prior to v4.16, which was released on June 13 following a developer warning issued three days earlier.

The exploit mechanism enabled attackers to take a single share found by a miner, replicate it thousands of times with fraudulent copies, and flood the payout window to siphon the majority of mining rewards. The vulnerability impacted P2Pool's Mini and Nano chains first before spreading to the Main chain. Miners operating unpatched nodes essentially had their hashrate redirected toward the attacker's wallet, though XMR already received and stored in wallets remained secure from the attack vector.

The window between the initial disclosure on June 10 and the patch release on June 13 gave miners a narrow upgrade window, but many failed to update and restart their nodes in time. Those who did upgrade promptly were protected from reward theft, but delayed adopters suffered ongoing losses until remediation. Monero developers published details on GitHub's security advisory system, flagging the issue as consensus-critical.

Source:github.com

Related News

Stay updated with the latest crypto news

Subscribe to Our Newsletter

Get the latest crypto news and market analysis delivered to your inbox.

Published on

Updated on