On 19 November 2019, a security breach on the official website of Monero paved way for a malicious version of the software, placing user funds in peril. The said software was expected to steal cryptocurrency, according to a Twitter post published by an XMR core team member.
#Monero Security Warning:
CLI binaries available on https://t.co/UYopePqqdo may have been compromised at some point during the last 24h. Investigations ongoing.https://t.co/BqnONy4PPg
— Monero || #xmr (@monero) November 19, 2019
The announcement stated a possible manipulation of the command-line interface (CLI) binaries. The post noted that many users observed that the hash of the downloaded binaries did not match the expected hashes. The Reddit announcement read:
“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. […] If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”
Organizer of Monero Malware Response Workgroup, Justin Ehrenhofer, stated that despite a history of several malicious attacks at Monero, this was, in fact, the first time it got affected. While funds had been in jeopardy, the researchers’ investigation showed that the attackers might even have had the power to implement unauthorized actions on the user’s behalf.
One user even came forward and reported a theft of coins from the malware. A Reddit user going by the name moneromanz stated that it happened “…roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”
Amid the chaos, Monero is trying to resolve the issue at the earliest while appealing for user cooperation. Users can still use the reliable version of the wallet through the link of the corrected hashes as shared by the team.
Image Courtesy: Pixabay
The post Monero Website Compromised with Crypto Stealing Malware appeared first on BitcoinNews.com.