Important message for exchanges & Monero service operators
by Riccardo Spagni
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
If you are running a wallet on an exchange, payment gateway, or service,
please pay attention to the following message.
The Monero Vulnerability Response workgroup has received a disclosure of a
wallet bug related to coinbase transactions, that could be disruptive to
anyone running a wallet on an exchange, payment gateway, or service. There
will be a patch released on GitHub on March the 6th, 2019, at 4pm GMT, so
in about 4 days.
In the meantime, you can be safe against anyone trying to exploit this bug
by running "set refresh-type no-coinbase" in monero-wallet-cli. Note that
you will need to first close monero-wallet-rpc, and open the wallet with
monero-wallet-cli. This should be set for every wallet you're running. This
is a persistent flag, so once you quit monero-wallet-cli and start
monero-wallet-rpc on that same wallet, the setting will persist.
NB: this is not a consensus bug, there is no double spend, it does not
allow coins to be created out of thin air, etc.
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEElLc43TUBMvWsvuodVUMt8xzNT80FAlx7tfoACgkQVUMt8xzN
T80VNAf+PKYPaagcGVIhnPCINqSIX/dw9tRMMMaE4q0u1AFTyZz6ynYuVFJrX6Ir
JoMThLf+wQAKlkBoxiSeLskWJ2ILpoP6S+CfZzBzFRYWTwy6NlTZT9WndSFTXPlJ
A/cLTfiHsmzLMc9fiwbcaZI3okcG2XEP7eXkwx5ocUhe1LV77a9Q5CuV1gt8siXA
i1eWNvH1KF33vctwmCvmF3yQf9mGJF4v2eG8IWre4Xr6TBqr4UndL3sBPGy5OS++
IrpBAv1ycTvHWmL2GKVt3AmdA4WwUhBBw7u0Reh1PpLAAWiFdHb5tYZbD9CCryjB
N2lKh+EyNb1DY0GWq4kHxgbMFN7LpA==
=6Pr5
-----END PGP SIGNATURE-----
5 years, 8 months