In the last Monero General Fund transparency report in March 2023, the General Fund held 8452 XMR. As far as we know, this separate wallet is safe and unaffected. It would be possible to pay people with an active CCS proposal from the General Fund, but nothing has been decided.
Womp womp
It may make sense to store CCS funds in another coin that is more multisig/offline-signing friendly until we have an easy-to-use multisig in Monero. Then convert to XMR for payouts.
If crypto experts cannot keep funds safe then the average user has no hope.
Something is seriously wrong. There’s a reason decentralisation is important. Anonymity or not, you never put all your eggs (digital or physical) in one basket for precisely this sort of reason. Once the wallet size reached a certain threshold (say 100 or 500 XMR), a new wallet should have been created for subsequent funds and the previous wallet should be in a hardware or paper wallet with a different trusted person, ideally multisig. If funds were stolen via hack or the police forces the wallet holder to give up the keys, only a fifth (for a 500 XMR wallet) or a twenty-fifth (for a 100 XMR wallet) of the amount would have been lost. If multisig is buggy, it needs to be ready for Seraphis. If it’s just a matter of UI, then it needs to be made usable and widely adopted. Remember, one of the key advantages of Monero is that it makes privacy easier. You can try to use Bitcoin and go through a lot of hoops to get privacy and forever stay vigilant, or just use Monero. Multisig and managing multiple accounts should be at most as difficult as Bitcoin.
FUUUUCK! Will be very interested to see what is found that caused the breach.
Seconded.
With only 2 known keyholders and likely 1 single person with physical access to the Qubes laptop, and where the whole key and wallet were probably stored in a standalone offline vault-vm, what the fuck happened?
I see. They held the hot wallet on Windows fucking 10.
Unbelievable. Opsec? What’s Opsec?
As pointed out in the GitHub thread by someone, the more useful opsec flow should have gone something like this.
And make the offline computer an offline vault-vm on a non-internet Qubes laptop.
How anyone that understands crypto is using Windows in the year 2023 is beyond me. You cannot fix laziness with FOSS.
A hard blow.
I’m thinking of Pegasus-like outliers that are out-of-scope or potentially rather governments.
Air gap may not be sufficiently safe in extreme cases.