Monero Website Hack Led to Theft of Cryptocurrency
The official Monero (XMR) website was compromised, leading to the distribution of malicious software designed to steal cryptocurrency, as confirmed by the coin's core development team in November 2019.
The command-line interface (CLI) tools available at getmonero.org were briefly replaced. The compromise was discovered when the cryptographic hash of the downloaded files did not match the officially posted hashes.
The Software Was Confirmed Malicious
On GitHub, a security professional confirmed that the software was indeed malicious after conducting an investigation.
“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”
An Important Security Practice: Verifying Hashes
A cryptographic hash function is a one-way mathematical function that generates a fixed-length string, effectively unique to a file's contents. This lets users verify file integrity: if a file is altered in any way, the hash changes completely.
It is common practice in open-source software to provide an official hash. Users can then generate a hash from their downloaded file and compare it to the official one. A mismatch indicates the file has been tampered with.
“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes... If you downloaded binaries in the last 24h, and did not check the integrity of the files, do it immediately. If the hashes do not match, do NOT run what you downloaded.”
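The check described above, as an added example that is not from the original article or the Monero project. It assumes SHA-256 and a hash list of `<hex digest>  <filename>` lines obtained from a source you trust; the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large archives are hashed without loading them whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_hash_list(text):
    """Parse '<hex digest>  <filename>' lines (assumed format); skip anything else."""
    published = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 64:
            published[parts[1].lstrip("*")] = parts[0].lower()
    return published

def verify_download(path, hash_list_text):
    """Return 'match', 'mismatch', or 'unlisted' for the file at path."""
    expected = parse_hash_list(hash_list_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # no published hash for this name: treat as unverified
    actual = sha256_file(path)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in release file, then a copy altered by one byte."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-cli-v0.0.0.tar.bz2")  # hypothetical name
        with open(path, "wb") as f:
            f.write(b"constructed release contents\n")
        listing = "# constructed hash list\n%s  %s\n" % (sha256_file(path), os.path.basename(path))
        before = verify_download(path, listing)
        with open(path, "ab") as f:
            f.write(b"\x00")  # any change to the file changes the digest
        after = verify_download(path, listing)
        other = os.path.join(d, "not-in-list.bin")
        open(other, "wb").close()
        return before, after, verify_download(other, listing)

if __name__ == "__main__":
    print(demo())
```

Only a `match` result means the file is the one the hash list describes; `mismatch` and `unlisted` both mean the download should not be run.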
Vigilance in the Crypto Community
In general, blockchain development communities are vigilant in tracking possible vulnerabilities. To incentivize this, some organizations have founded bug bounty programs that reward "white-hat" hackers for responsibly disclosing security flaws.


