this post was submitted on 02 Nov 2023
53 points (96.5% liked)

Monero

1653 readers
24 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

Timeline of events

In the last Monero General Fund transparency report in March 2023, the General Fund held 8452 XMR. As far as we know, this separate wallet is safe and unaffected. It would be possible to pay people with active CCS proposal from the General Fund, but nothing has been decided.

you are viewing a single comment's thread
view the rest of the comments
[–] jet@hackertalks.com 3 points 1 year ago (2 children)

Yeah. Two different people had the secret keys for the same wallet. One of them kept them in an air gapped computer. The other person kept them online in a computer accessible via SSH.

Even assuming these two trusted individuals we're not directly involved, having an always online computer with a half a million US dollars on it is a big risk.

I'm in no way trying to second guess the tragedy here. I'm just speaking for people who might have a similar problem on going in the future.

For a shared wallet, something like paperback, using Shamir's secret sharing distributed amongst trusted parties. Could be good. It would require multiple parties to conclude to unlock the key.

https://github.com/cyphar/paperback

The offline wallet signing is really cumbersome, but it is something to use when we're talking about huge amounts of money. https://monerodocs.org/cold-storage/offline-transaction-signing/

I remember reading about air gapped QR wallet signing. https://github.com/nasaWelder/lunlumo which is interesting, but I thought there was something more polished available. Anyway a program that allowed you to easily sign transactions from an air-gapped computer, could be interesting for these trust problems.

So honestly multi-signature transactions are probably the right way to go. It increases the difficulty of hacking the computers to hacking multiple computers

[–] Saki@monero.town 4 points 1 year ago

In hindsight, maybe something very simple—using Feather on Tails, and this USB stick is only physically connected when necessary—could have prevented this from happening. Maybe.

[–] jet@hackertalks.com 1 points 1 year ago (1 children)

I think anonero has something like this, but they don't have a clearnet url to link to