Malware on Official Monero Website Can Steal Crypto: Investigator

The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team.

The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes.

The software was malicious

On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating:

“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”

An important security practice

Hashes are one-way mathematical functions which, in this case, produce a fixed-length alphanumeric string from a file; any change to the file, however small, would produce a different string.

It is a popular practice in the open-source community to save the hash generated from software available for download and keep it on a separate server. Thanks to this measure, users are able to generate a hash from the file they downloaded and check it against the expected one.

If the hash generated from the downloaded file is different, then it is likely that the version distributed by the server has been replaced — possibly with a malicious variant. The Reddit announcement reads:

“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. [...] If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”
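The check the announcement asks users to perform, written out as an added example (this is not code from the Monero project or the article): hash the downloaded file with SHA-256 and compare it against a digest list obtained from a separate, trusted source. The file contents and the hash list below are constructed stand-ins; the `release.tar.bz2` filename and the "ok"/"mismatch"/"not_listed" verdicts are assumptions of the example.

```python
import hashlib
import hmac
import os
import tempfile

# Added example, not the Monero project's own tooling. It performs the check
# described above: hash the downloaded file and compare the result with a
# digest taken from a separate, trusted source.


def sha256_file(path, chunk_size=1 << 20):
    """Return the hex SHA-256 of a file, streamed so large archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_hash_list(text):
    """Parse `<hex digest>  <filename>` lines (sha256sum layout) into a dict.

    Blank lines and '#' comments are skipped; a leading '*' on the filename
    (sha256sum's binary-mode marker) is dropped.
    """
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed hash line: {raw!r}")
        digest, name = parts
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_download(path, hash_list_text):
    """Return 'ok', 'mismatch' or 'not_listed' for the file at `path`."""
    expected = parse_hash_list(hash_list_text)
    name = os.path.basename(path)
    if name not in expected:
        return "not_listed"
    actual = sha256_file(path)
    # compare_digest is the idiomatic way to compare digests as strings.
    return "ok" if hmac.compare_digest(actual, expected[name]) else "mismatch"


# Constructed sample: the "archive" is the three bytes "abc", whose SHA-256 is
# well known. The hash list is likewise constructed; in practice it would be
# fetched from a server other than the one serving the download.
SAMPLE_CONTENT = b"abc"
SAMPLE_HASHES = (
    "# constructed hash list: digest  filename\n"
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  release.tar.bz2\n"
)


def demo():
    """Verify a genuine copy, a tampered copy and an unlisted file; return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "release.tar.bz2")
        with open(target, "wb") as f:
            f.write(SAMPLE_CONTENT)
        results["genuine"] = verify_download(target, SAMPLE_HASHES)
        # Simulate a swapped binary: same filename, different bytes.
        with open(target, "wb") as f:
            f.write(SAMPLE_CONTENT + b"!")
        results["tampered"] = verify_download(target, SAMPLE_HASHES)
        other = os.path.join(d, "unknown.bin")
        with open(other, "wb") as f:
            f.write(SAMPLE_CONTENT)
        results["unlisted"] = verify_download(other, SAMPLE_HASHES)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The tampered case is the one the announcement warns about: the filename is unchanged but the bytes are not, so the digest differs and the file must not be run. The comparison is only as good as the source of the hash list, which is why the article stresses keeping it on a separate server from the downloads.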

In general, blockchain development communities are vigilant in tracking possible vulnerabilities and maintaining network integrity.

In mid-September, the developers of Ethereum decentralized exchange protocol AirSwap announced a different important development for their project’s security. More precisely, they revealed the discovery of a critical vulnerability in the system’s new smart contract.

In order to incentivize network integrity, some organizations have founded bounty programs that reward so-called white-hat hackers for exposing vulnerabilities.
