Monero's official Community Crowdfunding System (CCS) wallet was drained of 2675.73 XMR, and the team is still unable to find a root cause.
There is an ongoing discussion in their official GitHub repository:
https://github.com/monero-project/meta/issues/916 [CCS Wallet Incident #916]
The community suggests it happened due to poor operational and information security practices of the team that had access to the wallet.
Timeline:
- April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email -- fluffypony and Luigi are the only parties with known access to the CCS seed.
- 2020-2023: (Luigi's side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed.
- August 3, 2021: shortly after fluffypony's arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest
- (a few weeks/months later) fluffypony's arrest is determined not crypto-related; reverted to previous behavior of large CCS balance, small hot wallet balance
- May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet
- September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions (wallet was then empty)
- September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required)
- September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2
- September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation.
- September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts -- unfortunately, to date, no evidence of breach has been identified
Open questions:
- How do we achieve CCS continuity for existing contributors? Core team is in favor of covering existing liabilities from the General Fund.
- How do we structure the CCS going forward?
- How did the breach occur?