Monero’s Security Breach Drains Entire Funds In Community Wallet: What’s Going On?

cryptonews.com:

Monero’s community wallet was drained of all assets following a security breach described as shocking and a little sketchy. 

The attack on the privacy coin’s wallet took place on Sept 1 but was not revealed until Nov 2 on GitHub. According to the company, the source of the breach remains unidentified and is still under investigation.

Monero’s developer, Luigi explained that a total of 2,675.73 XMR worth approximately $460,000 was stolen as a result of the incident.

“The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.”

Developers Luigi and Ricardo “Fluffypony” Spagni are the two with access to the seed phase and have so far released a timeline of events and possible scenarios for the issues.

The wallet was created in 2020 to fund development proposals from community members on the advancement of the platform. Between 2020-2023, a single Ubuntu system was used to run a Monero node with a hot wallet on a Windows 10 Pro Laptop.

On May 10, 2023, Luigi made the final transfer from the CSS wallet to the hot wallet and between Sept 1 and Sept 2, a string of nine transactions led to all assets being wiped out.

According to Luigi, he discovered the hack when he logged into the CSS wallet to see only 4.6 XMR which came earlier through a donation by Lovera. Although very little has been released to the public and the devs are in shock by recent developments, the task posed to the team remains to find out how it happened and the future of CSS alongside its structure.

Fluffypony commented that the wider attacks might have caused