Monero Hacked, XMR Privacy Still Guaranteed?

XMR crypto assets. (Photo; Doc. CryptoGazette)

JAKARTA - Monero (XMR), a cryptocurrency known for its privacy features, recently experienced a hack that drained crypto assets in the Monero CCS donation wallet of 2,675.73 XMR or more than IDR 42 billion.

The incident occurred on September 1, 2023. This incident sparked various questions about how safe and personal Monero transactions actually are. In a report released by Moonstone Research, a blockchain analysis firm, the traces of hacker transactions were successfully uncovered, although with some limitations.

One of the mysteries that surrounds this hack is how hackers can access Monero CCS wallets that should be safe. At the time of the incident, only two people knew the phrase recovery or seed prisse of CCS wallets, which made this hack even more difficult to explain.

The CCS wallet operates without any problems from April 2020 to the incident on September 1, 2023, where hackers suddenly make transactions that drain all crypto assets in the CCS wallet.

The Moonstone Research report explains how the company managed to identify one of the hacker transactions that carried out nine transactions. Although XMR transactions are designed to remain private, Moonstone believes that hackers' actions incorporating funds in one transaction provide clues that the transaction almost certainly belongs to hackers.

Analyzing this first transaction allows Moonstone to track two other transactions that may have been carried out by hackers, who are sending funds to exchanges, services, or partners.

However, some of the stolen XMRs have not been tracked. This shows that some funds are still carefully hidden. The report also speculates that these transactions may use Monerujo's mobile wallet and the "PocketChange" feature to disguise the unusual amount of output.

Is Monero Privacy Still Safe?

The Moonstone Research investigation highlights that under certain circumstances, Monero transactions can be partially tracked, despite having strong privacy features. However, complex Monero blockchain analysis still has certain limitations. These findings sparked discussions in the crypto community regarding the extent of Monero's security and privacy sustainability.

Of course, this isn't the first time blockchain analytics companies have tried to track Monero's transactions. In 2020, Ciphertrace, a blockchain surveillance company, claims to have developed the world's first Monero tracking tool, although skepticism still exists in the crypto community about the extent to which the tool is effective.

However, a crypto privacy expert, Seth Simmons, confirmed that Moonstone Research's findings do not apply generally to Monero users. He considers XMR to remain a very private and trace-resistant cryptocurrency.

Simmons highlighted that the detected onchain trail arises due to the Monerujo feature and the voluntaryly provided off-chain metadata. Therefore, he stressed the need to protect private key, aka a private key to access crypto wallets.