This is an automated archive made by the Lemmit Bot.

The original was posted on /r/monero by /u/plowsof on 2023-11-02 17:05:12.

The CCS Wallet was drained of 2,675.73 XMR (the entire balance) on September 1, 2023, just before midnight. The hot wallet, used for payments to contributors, is untouched; its balance is ~244 XMR. We have thus far not been able to ascertain the source of the breach.

Timeline

  • April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email – fluffypony and Luigi are the only parties with known access to the CCS seed.
  • 2020-2023: (Luigi’s side) a single use Ubuntu system is set up to run a Monero node and CCS wallet; the hot wallet is on a Windows 10 Pro desktop where it has been since 2017; Luigi makes payments from the hot wallet and tops it up from the CCS Wallet (via SSH), occasionally as needed.
  • August 3, 2021: shortly after fluffypony’s arrest, most of the CCS wallet was swept by Luigi to the hot wallet as a short-term measure pending more information about the nature of the arrest
  • May 10, 2023: last transfer was made by Luigi from CCS wallet to hot wallet
  • September 1 11:58pm - September 2 12:07am, 2023: CCS wallet was swept in 9 transactions, IDs:

ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a

08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc

4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9

8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441

56dd063f42775600adf03ae1e7d7376813d9640c65f08916e3802dbfee489e2c

e2ab762927637fe0255246f8795a02bd7bb99f905ae7afc21284e6ff9e7f73db

9bf312ed09da1e7dfce281a76ae2fc5b7b9edc35d31c9eb46b21d38500716b6b

837de977651136c18b0018269626be7155d477cc731c5ca907608a2db57ff6a8

9c278d1496788aee6c7f26556a3f6f2cbb7e109cd20400e0b2381f6c2d4e29f4

(wallet was then empty)

  • September 2023: donations come in for Lovera CCS (the only proposal that was in Funding Required)
  • September 28, 2023: Luigi logs into CCS wallet to top up hot wallet, finding (after syncing from May 10th as expected) a balance of ~4.6 XMR, representing September donations for Lovera; no additional transfers occurred after September 2
  • September 28, 2023 (a few hours later): Luigi has call with binaryFate on what has been discovered; General Fund is confirmed to be intact. Shortly after, Luigi, binaryFate, and fluffypony have a call discussing the situation.
  • September 28 - now: Core Team discusses internally; Luigi and fluffypony forensic efforts – unfortunately, to date, no evidence of breach has been identified

Open questions:

  • How do we achieve CCS continuity for existing contributors? Core team is in favor of covering existing liabilities from the General Fund.
  • How do we structure the CCS going forward?
  • How did the breach occur?

The original announcement was posted here