Investigator Says Malware on Official Monero Website Can Steal Crypto
According to a Reddit post published on November 19th by the coin’s core development team, the software available for download on Monero’s (XMR) official website was designed to steal cryptocurrency.
In the announcement, the team said the hash of the binaries available for download did not match the expected hashes. The command-line interface (CLI) tools available at getmonero.org may have been compromised over the past 24 hours.
On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is malicious. He said:
“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”
Hash functions are non-reversible mathematical functions that generate an alphanumeric string from a file; if anybody makes changes to the file, the resulting string is different.
It is a practice in the open-source community to save the hash generated from software available for download and keep it on a separate server.
If the hash generated from the downloaded file differs from the saved one, then there is a high possibility that the version distributed by the server has been replaced. The Reddit announcement reads:
“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. […] If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”
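The integrity check described above can be scripted. The following is an added example, not code from the article or from the Monero project; it assumes a hash list in `<sha256 hex>  <filename>` form obtained from a source separate from the download server, and the file name and contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_hash_list(text):
    """Parse '<sha256 hex>  <filename>' lines (assumed format); skip the rest."""
    expected = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
            expected[name] = digest
    return expected

def verify_download(path, hash_list_text):
    """Return 'match', 'MISMATCH' or 'not-listed'; only 'match' is safe to run."""
    expected = parse_hash_list(hash_list_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # fail closed: no trusted hash, no verdict
    actual = sha256_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "MISMATCH"

def demo():
    """Constructed sample: hash a file, record it, then change one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-cli.tar.bz2")  # hypothetical name
        with open(path, "wb") as fh:
            fh.write(b"bytes of the genuine release")
        published = "# constructed hash list\n" + sha256_file(path) + "  example-cli.tar.bz2\n"
        before = verify_download(path, published)
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # stands in for a replaced binary
        after = verify_download(path, published)
    return before, after

if __name__ == "__main__":
    print(demo())  # ('match', 'MISMATCH')
```

The check is only as trustworthy as the hash list: if the list is fetched from the same server as the binary, whoever replaced the binary can replace the list too.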