Recently, an attack on Cryptonote based coins was outlined on Reddit which would allow a malicious user to send coins that are unspendable by the recipient. The primary target for this type of attack would be an exchange, where the attacker sends coins to the exchange wallet and is credited for them, but leaves the exchange unable to spend those coin. This attack does not allow an attacker to steal coins from a wallet, and has no clear way how the attacker would benefit.

The Ryo team has been investigating the flaw, and has set up a monitoring script to detect an attack. There have been no such attempts of this attack on Ryo, but we still advise exchanges to have their wallet offline for the time being.

Today, Monero published their postmortem of the attack. We would like to analyze the attack deeper instead of purely copying the Monero pull request to avoid further issues.

We will post a status update about this in several days.