-
Notifications
You must be signed in to change notification settings - Fork 391
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
53 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
--- | ||
layout: post | ||
title: CCS Wallet Incident | ||
summary: 2,675.73 XMR (the entire balance) was drained from the CCS wallet on September 1, 2023. The General Fund wallet remains intact. | ||
tags: [urgent, announcements, core] | ||
author: Monero Core Team | ||
--- | ||
|
||
_The original announcement/discussion can found on this [meta issue](https://github.com/monero-project/meta/issues/916)._ | ||
|
||
The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach. | ||
|
||
## Timeline | ||
|
||
- April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email -- fluffypony and Luigi are the only parties with known access to the CCS seed. | ||
|
||
- 2020-2023: (Luigi's side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed. | ||
|
||
- August 3, 2021: shortly after fluffypony's arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest | ||
|
||
- (a few weeks/months later) fluffypony's arrest is determined not crypto-related; reverted to previous behavior of large CCS balance, small hot wallet balance | ||
|
||
- May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet | ||
|
||
- September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions, IDs: | ||
|
||
``` | ||
ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a | ||
08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc | ||
4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9 | ||
8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441 | ||
56dd063f42775600adf03ae1e7d7376813d9640c65f08916e3802dbfee489e2c | ||
e2ab762927637fe0255246f8795a02bd7bb99f905ae7afc21284e6ff9e7f73db | ||
9bf312ed09da1e7dfce281a76ae2fc5b7b9edc35d31c9eb46b21d38500716b6b | ||
837de977651136c18b0018269626be7155d477cc731c5ca907608a2db57ff6a8 | ||
9c278d1496788aee6c7f26556a3f6f2cbb7e109cd20400e0b2381f6c2d4e29f4 | ||
(wallet was then empty) | ||
``` | ||
|
||
- September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required) | ||
|
||
- September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2 | ||
|
||
- September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation. | ||
|
||
- September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts -- unfortunately, to date, no evidence of breach has been identified | ||
|
||
## Open questions: | ||
|
||
- How do we achieve CCS continuity for existing contributors? | ||
- Core team is in favor of covering existing liabilities from the General Fund. | ||
- How do we structure the CCS going forward? | ||
- How did the breach occur? |