Scammers have succeeded in hacking Monero's official website and infecting its wallet with malware that's capable of stealing user's cryptocurrencies when downloaded and installed.
The attack was noticed when a user reported about supposed differences between the hash for the wallet and the hash listed on the page. First, users thought it was a simple error, but soon, they discovered it was a malicious attack that was made to infect the software wallet with malware.
According to the report, this then led Monero's devs to check GitHub about the mismatching hashes coming from the website. It was then discovered that there was a deliberate, malicious attack that compromised the binaries of the CLI wallet had been compromised, which made it possible for a malicious version to being served instead.
However, Monero's officials noted they fixed the problem immediately, thereby implying that the attacked files were online for a short time. This meant that the compromised files were removed almost immediately as soon as the issue was reported. They claimed that the binaries are now served from another safe and secure source.
They then recommended that all the users who downloaded the wallet from their website between Nov. 18, 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries to know whether they correspond with the official ones.
If the hashes don't match the official ones, the users were encouraged to delete the files and download them again. The officials strongly warned users never to run the compromised binaries under any reason/circumstance.
To know the authenticity of their binaries, advanced users are told to use Linux, Mac, or Windows command line to verify them while beginners were told to use Windows. This would help them know when there are possible differences.
Image source: Shutterstock
Image Via Shutterstock