Compromise of Official Monero Website

Published on 20 Nov 2019

Updated on 28 Nov 2019

Background

 

Monero cryptocurrency has confirmed that its website was compromised and this was discovered on 18 November 2019. The Windows and Linux Command-Line Interface versions of the Monero binaries were altered to allow the delivery of a malware-infected file that steals funds from account owners.

 

Impact

 

Users who downloaded and ran the compromised versions of the binaries could potentially lose the funds stored in their Monero wallet.

 

Recommendations

 

Users who have downloaded any binaries from the official Monero website between 18 November 2019, 1030hrs (GMT+8) to 19 November 2019, 0030hrs (GMT+8) are strongly advised to compare the hashes of the downloaded binaries against the ones found on the official Monero website. If the hashes do not match, users should delete the files and download the binaries again from the official source. Users are strongly advised not to run the compromised binaries to prevent any possibility of losing the funds stored in their Monero wallet.

 

Users can refer to the instructions provided by Monero on how to verify the hashes of the binaries below:

 

References