Monero Details Website Malware Breach that Steals Cryptocurrency


A Reddit post made on November 19th by Monero’s core development team details how the software on the company’s official website was temporarily compromised and altered to steal cryptocurrency.

Monero (XMR), an open source cryptocurrency created in 2014, notified its users about the breach by posting a security warning on the social media platform Reddit. The Monero team states that, within the last 24 hours as of Nov. 19th, command-line interface (CLI) binaries that were available on the cryptocurrency's website were altered.

The CLI tools that were available on the website may have been compromised. In the Reddit announcement, the team shared details about the breach, explaining that the hashes of the binaries offered for download did not match the expected hashes set previously.

On GitHub, an America-based site that provides hosting for software development, a credible programmer under the alias Serhack confirmed that the software distributed after the server had been compromised was counterfeit. In his comment, he said that the altered binary steals digital coins: nine hours after he ran the binary, a single transaction drained the cryptocurrency wallet.

A hash is the output of a non-reversible mathematical function, used in this case to generate an alphanumeric string from a specific file. If someone was able to make changes to a file on the system, its hash would have shown signs of the change.

How Crypto Users Can Verify They’re Not Compromised

In open source cryptocurrency communities, it is common practice to generate hashes of the software made available for download and keep them on a server separate from the one that hosts the software. Thanks to this measure, users can compare the hash computed from the downloaded file against the expected one and see if they match.

However, if the hash of the downloaded file differs from the expected one, then it is evident that the version distributed by the server has been compromised and could be dangerous due to unauthorized changes.

This is what the Monero team suggested in the Reddit post, where they cautioned users that if they had downloaded the binaries within the 24 hours before the post and had not confirmed that the hashes match, they should do so immediately.

In addition, in case of any errors or fabrications, users should abstain from running the software. They concluded the post by assuring users that the team was investigating the matter further, and posted a link to the correct hashes (TXT file) so that users can identify mismatches.
