Original - Odaily
Monero, as the leader in the privacy coin field, has high market recognition in the field of privacy coins due to its strong anonymity and non-traceability characteristics. However, the project experienced the theft of its community crowdfunding wallet (CCS) in September this year. 2675.73 XMR (approximately $460,000) in the CCS wallet was emptied, and it is still unclear why it was stolen.
However, project community members also carried out community self-examination during this period, sorting out the key events of the CCS wallet from its creation to the present.
The CCS wallet was created on April 12, 2020, by the founder fluffypony (Riccardo Spagni) and shared the key with another core member Luigi. Luigi usually accesses the CCS wallet through the Wire application and GPG-encrypted email to complete some donation activities.
But on August 3, 2021, fluffypony was deeply involved in the accusations of the South African government and was forced to surrender in the United States. In order to deal with this incident, the Monero team moved most of the CCS wallet balances to the hot wallet by Luigi.
The last transfer of CCS was on May 10, 2023, by Luigi to a hot wallet.
From 23:58 on September 1, 2023 to 00:07 on September 2, 2023, the CCS wallet was emptied in 9 transactions;
In September 2023, the CCS wallet received a donation to Lovera (the only proposal that required funds);
On September 28, 2023, Luigi logged into the CCS wallet to recharge the hot wallet and found that the balance was approximately 4.6 XMR, representing the donation to Lovera in September; no additional transfers occurred after September 2;
From September 28 to the present, the core team has been discussing internally; Luigi and fluffypony are also conducting relevant evidence collection work, but no evidence of violation has been found.
According to the above timeline, CCS key holders Luigi and fluffypony, as core members of the Monero team, are less likely to do evil themselves. However, the Monero team is one of the few teams with a cryptopunk spirit. The key of the CCS wallet is only distributed to two people, which is indeed not decentralized enough.
Interestingly, the theft did not attract much attention. Instead, everyone focused on why the on-chain monitoring company was able to track the transactions after the Monero was stolen, which raised concerns about the untraceability and anonymity of Monero. Questions arose.
For this reason, Seth For Privacy, director of strategy and marketing of FOUNDATION, a Bitcoin tool developer, published an article on the functionality, so a very specific on-chain footprint can be seen, and related transactions are consolidated at scale using PocketChange.
Seth For Privacy also said,The privacy and anonymity feature of Monero still exists, and in most cases it can still break the blockade and ensure transaction privacy.
The specific cause of the Monero projects CCS theft is still unknown, whether it is a loophole in the operating process or other external factors. However, as the Monero team is known for its cryptopunk spirit, the key management of the CCS wallet adopts a relatively central approach. At the same time, due to the earlier development of the Monero project, technologies such as MPC are not mature enough. This needs to be optimized by the community as soon as possible.
In addition, this incident triggered a discussion on the anonymity and non-traceability characteristics of Monero from another angle, and also brought to the surface the post-processing method of handling the private key to the on-chain monitoring company to track transaction records.