
Cyber Incident Victim: Altex Exchange

Date: Jul 2018

Location: Canada

Summary

A Monero wallet bug involving duplicated transaction keys allowed attackers to artificially inflate deposit amounts displayed on exchanges, enabling fraudulent withdrawals that drained cryptocurrency reserves. The vulnerability, discovered by a researcher and ranked as critical severity, led to significant losses for Altex Exchange, which suspended trading and withdrawals to mitigate further exploitation. The exchange confirmed the incident stemmed from Monero's codebase rather than its own systems, though the exact financial impact remained undisclosed. Additional Monero vulnerabilities identified around the same time, including a blockchain denial-of-service vector, had reportedly been resolved prior to disclosure.


Description

On July 30, 2018, Altex Exchange suspended operations following the exploitation of a critical Monero wallet bug that resulted in substantial cryptocurrency losses. Researcher Jason Rhineland had disclosed the vulnerability via HackerOne, identifying a business logic error in Monero's codebase that allowed attackers to manipulate transaction visibility. The flaw stemmed from a previously patched wallet balance display bug (PR #3985), which remained exploitable on exchanges when transaction public keys were duplicated. This manipulation caused deposits to appear inflated—for example, a 1 XMR transfer could display as 2 XMR—enabling attackers to fraudulently withdraw double the deposited amount. Altex confirmed the bug's impact extended beyond Monero to affect Monero-based coins like ARQ, with attackers repeatedly exploiting the vulnerability to drain exchange wallets. The exchange emphasized the issue originated in Monero's software rather than their internal systems, though operational challenges arose as their development team was on holiday during the crisis.

Altex responded by placing its primary currency under maintenance to block further fraudulent withdrawals and initiated an investigation that confirmed "a big loss" of funds. The exchange publicly acknowledged the incident through Twitlonger updates, suspending trading indefinitely while assessing the full extent of the damage. Although the exact value of stolen assets remained undisclosed, Altex characterized the loss as significant enough to threaten operational viability. Concurrently, HackerOne reports revealed five additional Monero vulnerabilities patched within 24 hours of the Altex disclosure, including a resolved denial-of-service vector targeting the Monero blockchain. The exchange's transparency about the external codebase flaw contrasted with its limited technical capacity to mitigate the attack during the development team's absence, leaving the platform inoperative as users awaited resolution.
