2 Nov 2023 | Updated 22 Dec 2023 [CCS] [pinned]

luigi1111 discloses critical breach: 'CCS Wallet was drained of 2,675.73 XMR'

Monero Core Team member luigi11111 has reported2 a serious incident that occurred on September 1st 2023 and which resulted in the loss of 2,675.73 XMR from the main CCS wallet3:

The CCS Wallet was drained of 2,675.73 XMR (the entire balance) [..] The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach. [..] How do we achieve CCS continuity for existing contributors? Core team is in favor of covering existing liabilities from the General Fund.

Join #monero-community4 discussions and consult -meta issue #9162 to learn more about the issue.

This is an ongoing story and the report will be updated when new information is available.

Update 23/11/3: the GF will be used to cover the loss, according to plowsof’s -site PR #22085; completed proposals should start receiving payments today, per luigi’s comment6; added address of compromised wallet for reference3.

Update 23/11/4: ‘Postmortem of Monero CCS Hack: A Transaction Graph Analysis’ report published by Moonstone Research7.

Update 23/11/19: core/Seraphis dev proposals in the ideas stage will be funded (probably from GF)8.

Update 23/12/06: the GF wallet received an anonymous donation of 2696.73 XMR9.

Update 23/12/20: luigi1111 provided the disk image for the drive and the memory dump for the ubuntu server to HackerIndustrial for ‘forensics work’10.

Update 23/12/22: luigi1111 created a new temporary CCS wallet11.

  1. https://github.com/luigi1111/ 

  2. https://github.com/monero-project/meta/issues/916  2

  3. 43H2k6iDgyfNo4HzgQKF8ABALWGpRz9Ez6uexXLGFyuC32SevoaGUiKWbebSkqy5EzdkviwJ4NQwDHkxVxHceUtLBzBjoTV  2

  4. (IRC) irc://irc.libera.chat/#monero-community, (Matrix) https://matrix.to/#/#monero-community:monero.social 

  5. https://github.com/monero-project/monero-site/pull/2208/ 

  6. https://libera.monerologs.net/monero-community/20231103#c297612 

  7. /moonstone-research-publishes-postmortem-monero-ccs-hack-report/ 

  8. https://libera.monerologs.net/monero-community/20231118#c304594 

  9. /2696-xmr-anon-donation-monero-general-fund/ 

  10. https://github.com/monero-project/meta/issues/923#issuecomment-1862024427 

  11. /luigi-ready-continue-ccs-escrow-until-31-march-2024/