
Monero’s official website was compromised to deliver a malware-infected file that steals coins from account owners. The compromise was confirmed on Tuesday, Nov. 19, when XMR Core Development Team member Binaryfate alerted Reddit readers that the binaries of the command-line interface (CLI) wallet that users were downloading had been briefly altered. The SHA256 hash of the downloaded file did not match the SHA256 hash listed on the official site. For 35 minutes, different CLI binaries were served.

“If they downloaded binaries in the last 24h, and did not check the integrity of the files, to do so immediately. If the hashes did not match, do not run the download,” Binaryfate further warned Reddit readers. “If you have already run them, transfer the funds out of all wallets that you opened with the (probably malicious) executables immediately, using a safe version of the Monero wallet (the one online as we speak is safe — but check the hashes).”

The report of stolen coins was confirmed on GitHub by a professional investigator using the nickname Serhack. Approximately nine hours after he ran the binary, a single transaction drained his wallet. The build was downloaded yesterday around 6 pm PST. 

XMR Core community team member ErCiccione followed up on Monero’s (XMR) official website, explaining that an investigation found that a malicious version of the binaries of the CLI wallet was served. The problem occurred on Monday 18th, 2:30 am UTC, and 4:30 pm UTC. XMR holders are advised to delete the corrupted files and download them again from a safer source.

Although the Monero team states it intervened to take down the compromised file, at least one Reddit user reported losing funds.

Two guides have been provided (here and here) to help users check the authenticity of their binaries, while the correct hashes are available here.

This case is not the first time a hack has occurred on a leading blockchain development platform. In September, AirSwap’s developers announced the discovery of a critical vulnerability in the system’s new smart contract. To maintain network integrity, many development teams now offer bounty programs for exposing vulnerabilities. Users must still always check the integrity of the binaries they download.
