The incident occurred on September 1st but was only disclosed on GitHub on November 2nd by Monero developer Luigi. According to him, the origin of the breach has not yet been determined.
A Community Crowdfunding System (CCS) wallet was completely drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for paying contributors, has not been affected; its balance is approximately 244 XMR. As of now, the source of the breach has not been identified.
Monero’s Community Crowdfunding System (CCS) funds development proposals from members of the community. “This attack is heartless because they took away money that contributors rely on to pay rent or buy food,” noted Monero developer Ricardo “Fluffypony” Spagni.
Luigi and Spagni are the only two people with access to the wallet seed phrase. According to Luigi’s post, the CCS wallet was set up on an Ubuntu system in 2020, along with a Monero node.
To pay community members, Luigi has been using a hot wallet on a Windows 10 Pro desktop since 2017. When needed, the hot wallet would be funded through the CCS wallet. However, on September 1, the CCS wallet was emptied through 9 transactions. Monero’s core team is calling on the General Fund to cover their outstanding debts.
According to other developers, the breach may have originated from the wallet keys being available online on the Ubuntu server.