The official website of the Monero Project has been compromised to deliver a
The hack was discovered after a user downloaded a Linux 64-bit command line (CLI)
The user discovered that the SHA256 hash calculated for the downloaded binary did not match the SHA256 hash listed on the official site, suggesting that the two files were different likely for the presence of a malicious code.
The user reported his discovery to the Monero team that confirmed the hack today.
“Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served.” reads an advisory published by Monero on the official website. “The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another,
The Monero team recommends users who downloaded the CLI wallet from this its official website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. In case the hashes don’t match the official ones
Monero maintainers published the links to guides that explain how to check the authenticity of their binaries on Windows (beginner) and Verify binaries on Linux, Mac, or Windows command line (advanced).
Although Windows and
“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet,” said
“I have not completed any malware analysis as of yet, but I’d like to get to the bottom of whether the binary is limited to stealing
Moneromanz upload the coin stealer to “https://anonfile[.]com/bbq8h9Bdn7/monero-wallet-cli” to allow other experts to analyze it.