June 2026 server breach: ~200 XMR stolen
On June 8, 2026, OpenMonero was breached again, less than three weeks after the May exploit. An attacker gained root access at the server level, not the application, and took roughly 200 XMR (about $63,000), which the operator said was all platform funds.
The operator then reported the funds as lost and has not committed to reimbursing victims. This is the platform's third funds-loss incident in twelve months.
Full penalty applies until resolved.
OpenMonero is back after 2 weeks of downtime
The project is fully back up and running now. I ve switched the servers around, reset the onion address, environment variables, and backup codes to make everything more secure. We ve also done a pretty big redesign, adding full wallet isolation from the frontend, and the backend IP is now hidden too. 90 XMR were refunded just yesterday.
When you log in now, you get a notification to change your password. We ve got some cool features coming soon like PGP-signed transactions and private key extraction. Overall, I'm pretty happy with how things are moving forward.
Honestly, better to get hacked now and fix things than risk getting hacked later without even knowing. I take responsibility for the old setup. I was hosting everything on one server. But that's changed, the frontend now runs on its own server, and the backend is on a different one, with a different hosting provider. That way, if something happens again, it minimizes the damage.
We were down for almost 2 weeks due to an issue with the hosting providers dashboard (alexhost). All my top vendors got refunded yesterday, and the rest should be done in 2 - 4 months. OM is here to stay for at least 15 years. I think it takes around 2 years to really build solid security for a darkFI project like this.
The past couple weeks have been a huge learning experience. I ve learned about secrets management, source code obfuscation, runtime encryption, wallet isolation, secure deployments, proxies, V8 Bytecode + ASAR Integrity, RAM encryption with AMD SEV, and more. The effort now will really pay off in making the project way more resilient down the line.