Subscribe to our Telegram channel!

A serious vulnerability has been discovered in the popular cryptocurrency Monero

3:05 am, June 18, 2026

A serious vulnerability was discovered in P2Pool, a decentralized mining pool for the Monero cryptocurrency. It allowed attackers to manipulate the payment system and embezzle rewards that were intended for honest network participants.

P2Pool allows miners to run their own nodes and receive payments without a central server or intermediaries. Under normal conditions, each successful mining result generates a single unique accounting unit, which determines the size of the reward.

The problem lies in older versions of the software. A bug allowed users to mine one genuine share and then generate thousands of counterfeit copies of it and submit them to the system. Older versions of P2Pool accepted the fakes as valid entries—up to 12,000 copies could be generated from a single result. The fake shares filled the PPLNS «payout window,» through which the pool distributes the reward for a mined block among participants. As a result, honest miners lost part of their payouts, while the attacker could pocket up to 80% of the reward. With the next successful block, the attacker received the entire payout.

On Wednesday, June 17, more than half of the hash rate on the Mini and Nano subnets was running on outdated code. Because of this, the mining rewards of these participants were effectively being diverted to the attacker. To minimize losses, the developers began mining specially crafted blocks themselves—this allowed them to intercept the unauthorized rewards and subsequently return the funds to the affected miners.

The developers assured users that the vulnerability does not grant access to wallets, does not expose private keys, and does not threaten coins already received. The risk applies exclusively to future payments: a miner using an older version of the software can continue mining, but a portion of their mining output will continue to go to the attackers. There is no need to transfer coins, change, or update your wallet due to this bug.

This incident occurred against the backdrop of a recent scandal involving the Zcash blockchain, where a critical flaw was also discovered. It allowed for the creation of an unlimited number of counterfeit ZEC tokens within the pool and had existed since May 2022. After news of the vulnerability broke, the price of ZEC plummeted by more than 50%.

BTC

$64,109.16

-1.34%

ETH

$1,743.67

-1.80%

BNB

$589.39

-2.13%

XRP

$1.17

-2.08%

SOL

$71.70

-1.74%

All courses
Show more