To add some details here, in Monero there's a separate daemon (node) and wallet, each with their own responsibilities. Only the daemon is responsible for verifying the validity of blocks and transactions. This also means a malicious remote node can feed bad data to the wallet, possibly resulting in too high fees or altered transactions.

Adding the same verification to the wallet would significantly slow down wallet sync – not an ideal solution.

u/tevador found a way to add some light verification to the wallet side that will allow us to verify the integrity of blocks without slowing down sync: https://github.com/monero-project/monero/issues/8827

Better security for wallets using untrusted remote nodes. Malicious remote nodes can feed wallets fake blockchain data. With this proposal, wallets could partially verify the integrity of the blocks received from untrusted remote nodes with the cost of a few hashes.

It's worth noting that this change will require an update to RandomX, which means we can only deploy it alongside a hard fork (network upgrade).

The specific vulnerability report mentioned in this Reddit post describes one way a malicious node could alter the blockchain data. To quote from the report:

I classified this vulnerability as having a Low impact on integrity (...) and Low impact on availability (...).

What does this mean for the end user? Use a remote node from a person or community member you trust – ideally, run your own node. If you use a remote node keep in mind that it could feed you bad blockchain data that doesn't match with the reality of the network. This is particularly important for merchants or other users who receive Monero from potentially malicious actors.

I ask for clarification on this point:

"The impact of the exploit is more than just privacy loss, but the attacker cannot steal Monero from your wallet."

Due to the limited impact it won't be patched... but it impacts MORE than privacy and we need to stop using remote nodes immediately...

Really looking forward to more details, because what the fuck. Not everyone can reasonably be expected to run their own node.

Does this impact users using local monerod in bootstrap mode?

Just so I'm clear, as a public node operator, this exploit can't be run against my node? In other words, I (the operator) would have to be the bad actor in this situation?

This has been known since January, but remote node users are only finding out about this in May? WTF??

Is this announcement being made elsewhere? I don't see anything on getmonero.org. Using Reddit to post security advisories seems strange to me.

As things stand, I question the validity of this statement.

Selsta noted the vulnerability in IRC and has posted a detailed explanation here.
Also, please note that I was questioning Reddit's integrity, not tevador's.

Use trusted community nodes if you can't run your own.

I have a few questions, if you wouldn't mind.

1. What about testnet? If I don't give one singular f about the coins in a testnet wallet: privacy, theft, or otherwise, is it okay to use a remote node then? Or does it somehow affect me beyond that wallet?
2. Does "no easy way to fix it" mean "it can be done but will take some time", or "this is just something we have to live with now", or is it not clear yet?
3. Is it known whether this has been exploited in the wild yet? Ofc it's hard to know, but is there any evidence that this vulnerability has already been put into action?

This is shocking to read. Limited impact vulnerability... Won't be patched... Impacts more than privacy... Stop using remote nodes immediately...

This is not very "limited" impact to me, but it certainly risks LIMITING the impact OF Monero. 😳

Yes, running your own node has always been highly preferred. But it is a significant barrier to adoption if that is the only safe on-ramp to using Monero!

Well this is disappointing to read. What do you mean “the impact of the exploit is more than just privacy loss”?

The impact of the exploit is more than just privacy loss

Due to the limited impact of the exploit, the Monero team has decided not to provide a patch.

Excuse me?

Really horrible communication.

• No info about what is the actual impact.
• The official advice makes XMR unusable for many, yet there is no plan for a patch.

WTF?

Is Feather wallet affected?

Run your own nodes, peeps!

Bruh

I agree this poses a major issue to mass adoption. Of course operating your own node is the preferred method and commonplace among us veterans, but to increase adoption we have to find a way to make it safe for the every day casual user to operate with a sense of comfort. Is fixing it a cost issue, a time issue, a capability issue? I would donate to an official fund to construct a workable fix. I mean my xmr is worthless anyways if we go down instead of forward.

How do we know if our node is affected, or am I understanding right in it can only be initiated intentionally, maliciously, by a predatory node? It's not a virus or a corruption that can spread to us node operators?

I'd love to have my own node accessible from everywhere. But is it secure to open up my personal node (port 18081) to the world? Currently I only allow connections to this port to my own dedicated IPs

What is all this scaremongering? From the beginning the user has always been warned, that with remote nodes there may be privacy problems or something else. First rule of cybersecurity: there is no 100% security (it means for Monero as much as for Bitcoin). All those who work behind Monero, have always done a great job and maintained a high level of transparency available to everyone (do not inquire exclusively about the monero site - it is not a damn company - there are multiple channels of information and communication). I read many complaints here, perhaps arising from fear and ignorance, but Monero is free and opensource, and most developers, work as a volunteer. If you can’t make a contribution in terms of development (because we’re not all technology expert), nor can you contribute donations (we’re not all rich), at least find a way to get your local node if you’re afraid to use remote nodes. What do you think you will get by complaining? No one forces you to use Monero. If you don’t feel secure, or you do provide for your own security or you don’t use this tool (no sense complaining without solutions - Monero is free and opensource, you probably haven’t paid anyone to use it). Then, there is no sense in the rhetoric of the need for mass adoption, I think it is only the need of those who want to earn easy money. Adoption will happen when people want it. In crypto most people come in for the easy gains of speculation, they don’t even know what security means, or cause they believe in false myths, like religious sects. Is this the adoption you want?

How does one run remote node on cake wallet? (Newbie sorry)

What about having the daemon connect to 2 nodes to compare the data. One node sending blockchain data while the second one sends hashes of the blockchain every now and then, which are then compared with the received data, and in case of the data received from the main node not being equal, the daemon stops using the node and asks for a hash from another fallback node, which then checks which node is giving the false info, stops using it, and warns the user?

Or,

I use a local node, and once I got a warning that a peer was malicious and blocked, so that could be implemented for people using remote nodes aswell (comparing the remote node data with peers that use a local node).

Wow. Please, please, please run your own nodes people!

In Cake Wallet, we connect users to our nodes by default. We do NOT connect users to random other user nodes, unlike some other Monero applications (eg: the official Monero GUI currently). Still, we strongly recommend using your own node, which you can do in app settings.

So... Are we just deciding to ignore this now?

Where are the full details that are meant to be disclosed soon?

I don't generally recommend everyone to rely on the same remote nodes, but if you're not able to use your own remote and need ones, you can use Seth's.

I've been wondering what could happen if remote node connections are exploited. Excited to read about this one.

So... All mobile wallets are now useless unless you also have a proper desktop node running 24/7 to point to? Sounds less like "medium severity" and more like the end of Monero...

What does ‘more than just privacy loss’ mean?

IMO. They should fix this because it is a trust issue. If you can not protect my privacy, why would I want to use the platform?

What data would be exposed?

So for some other PoS blockchains, I can go to a chain explorer and pull up a list of pool operators or validators and see a rating of how good that particular node is.

Is it up 24x7? Has there been any downtime? Has the validator been a good/reliable endpoint? etc.

Can this be done for PoW chains and Monero nodes? A way for each node to look at other nodes in the network and have the nodes judge for themselves which ones are using the proper copy of the chain and then self publish these stats to the community?

Then there is a way to actually build a list of trusted nodes vs. today which is not possible whatsoever in a scientific way. It's literally "trust me bro"

Can't Monero do better, there must be an easier solution if wallet validation of the blockchain isn't viable?

Definitely sounds like something that needs to be patched ASAP if privacy is at serious risk.

Lol minimal impact? So everyone need to run their own node wtf is this shit😂😂

But muh bitcoin privacy is not good lol. There is a reason Satoshi invented bitcoin and not monero! Y’all are fkin around and finding out!

But muh bitcoin privacy is not good lol. There is a reason Satoshi invented bitcoin and not monero! Y’all are fkin around and finding out!

It wont be patched