December 06, 2021
-----BEGIN PGP SIGNED MESSAGE-----
Dear Monero users and participants of the Monero ecosystem,
Some vulnerabilities have been identified in the implementation of
Monero multisignature wallets.
These vulnerabilities do not affect the theory supporting multisigs,
but affect the current wallet code implementing them.
Initially disclosed and discussed via the vulnerability response
process*, the discussion has been enlarged to other key developers and
MRL contributors. We agreed together that a public announcement had to
These vulnerabilities affect (i) multisignature wallet creation and
(ii) multisignature transaction signing.
They can lead to funds being stolen by one of the signing parties.
Until a fix is released, we strongly recommend not to perform any
multisignature transaction unless all signing parties can be trusted.
If all signing parties cannot be trusted, no transaction should be
attempted. Funds are not at risk if they are not moved and if the
wallet-creation process was not abused.
A fix is currently being reviewed. At this stage we hope to have a
pull request ready within a week, together with a more detailed
description of the issues.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Post tags : Urgent