Skip to content

Commit

Permalink
blog: CCS wallet incident
Browse files Browse the repository at this point in the history
  • Loading branch information
plowsof committed Nov 3, 2023
1 parent 2095c7c commit 1e051e5
Showing 1 changed file with 53 additions and 0 deletions.
53 changes: 53 additions & 0 deletions _posts/2023-11-03-ccs-wallet-incident.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
---
layout: post
title: CCS Wallet Incident
summary: 2,675.73 XMR (the entire balance) was drained from the CCS wallet on September 1, 2023. The General Fund wallet remains intact.
tags: [urgent, announcements, core]
author: Monero Core Team
---

_The original announcement/discussion can found on this [meta issue](https://github.com/monero-project/meta/issues/916)._

The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.

## Timeline

- April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email -- fluffypony and Luigi are the only parties with known access to the CCS seed.

- 2020-2023: (Luigi's side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed.

- August 3, 2021: shortly after fluffypony's arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest

- (a few weeks/months later) fluffypony's arrest is determined not crypto-related; reverted to previous behavior of large CCS balance, small hot wallet balance

- May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet

- September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions, IDs:

```
ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a
08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc
4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9
8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441
56dd063f42775600adf03ae1e7d7376813d9640c65f08916e3802dbfee489e2c
e2ab762927637fe0255246f8795a02bd7bb99f905ae7afc21284e6ff9e7f73db
9bf312ed09da1e7dfce281a76ae2fc5b7b9edc35d31c9eb46b21d38500716b6b
837de977651136c18b0018269626be7155d477cc731c5ca907608a2db57ff6a8
9c278d1496788aee6c7f26556a3f6f2cbb7e109cd20400e0b2381f6c2d4e29f4
(wallet was then empty)
```

- September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required)

- September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2

- September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation.

- September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts -- unfortunately, to date, no evidence of breach has been identified

## Open questions:

- How do we achieve CCS continuity for existing contributors?
- Core team is in favor of covering existing liabilities from the General Fund.
- How do we structure the CCS going forward?
- How did the breach occur?

0 comments on commit 1e051e5

Please sign in to comment.