The official crypto wallet for Monero was hacked with coin-stealing software. So far, only one confirmed claim of lost funds has been made.
The attack was discovered when a user posted on GitHub that the cryptographic hash for a Linux command-line interface (CLI) wallet downloaded from the site didn’t match the hash listed on the page. After it was confirmed that the mismatch was not an error, it was discovered a few hours later to be an attack intended to infect GetMonero users with coin-stealing malware.
One Reddit user reported a loss: “roughly 9 hours after I ran the binary a single transaction drained my wallet of all $7000,” the person wrote. “I downloaded the build yesterday around 6pm Pacific time.”
An analysis of the binary published on the blog bartblaze.blogspot.com found that a few new functions had been added to the original binaries. After a user opened or created a wallet, the malicious binary sent that wallet’s seed to a server at the address node.hashminero.com. The malware would then send wallet funds to servers located at node.xmrsupport.co and the IP address 220.127.116.11.
Reddit user binaryfate posted in r/Monero. In the post he notes that “users noticed the hash of the binaries they downloaded did not match the expected one,” and goes on to confirm that “the box has been indeed compromised and different CLI binaries served for 35 minutes.”
Monero posted official information and next steps on November 19 as a response:
“Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served. The problem was immediately fixed, which means the compromised files were online for a very short amount of time.”
In the interim, downloads for the Linux CLI wallet will be served from an alternative source and Monero gave some advice for users who may be affected.
“It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.”
Monero also posted guides to verify the authenticity of their binaries for the Windows graphical user interface and the Mac, Windows and Linux CLI. They also posted a download link to a text document with signed hashes.
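The hash check recommended above can be scripted. The following is an added example, not Monero's own guide or code: it assumes a hash list in `sha256sum` format whose GPG signature has already been verified, and the function names and sample file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Step 1 (not run here): `gpg --verify hashes.txt` against a
# signing key obtained independently of the download site.
# Step 2 (below): compare the file's SHA-256 with its entry in that list.
# Assumed list format: sha256sum-style lines, "<64 hex chars>  <filename>".

check_download() {
    local file hashlist name expected actual
    file=$1; hashlist=$2
    [ -r "$file" ] && [ -r "$hashlist" ] || { echo "unreadable input" >&2; return 2; }
    name=$(basename -- "$file")
    # Exact filename match; signature armor and other lines are skipped.
    expected=$(awk -v n="$name" \
        '$2 == n && length($1) == 64 { print tolower($1); exit }' "$hashlist")
    if [ -z "$expected" ]; then
        echo "UNVERIFIED $name: no entry in $hashlist" >&2
        return 3
    fi
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH $name: expected $expected, got $actual; do not run it" >&2
        return 1
    fi
    echo "OK $name"
}

# Constructed demo data: a stand-in "download", its hash list, then a
# modified copy of the file. Prints the two exit codes, "0 1".
demo() {
    local d good bad
    d=$(mktemp -d) || return 2
    printf 'constructed sample bytes\n' > "$d/wallet-cli.tar.bz2"
    ( cd "$d" && sha256sum wallet-cli.tar.bz2 > hashes.txt )
    good=0; check_download "$d/wallet-cli.tar.bz2" "$d/hashes.txt" >/dev/null 2>&1 || good=$?
    printf 'appended bytes\n' >> "$d/wallet-cli.tar.bz2"
    bad=0; check_download "$d/wallet-cli.tar.bz2" "$d/hashes.txt" >/dev/null 2>&1 || bad=$?
    rm -rf "$d"
    echo "$good $bad"
}

# Usage: ./check.sh <downloaded-file> <verified-hash-list>
if [ "$#" -eq 2 ]; then check_download "$1" "$2"; fi
```

A file with no entry in the list returns a distinct exit code (3) so that it is treated as unverified, not as passing.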
Cyber security is a major issue in the crypto space and not every issue can be prevented, even with the best security practices and measures in place.
According to Norton US, a large digital security company known for its anti-virus software, there have been over 4 billion records exposed as the result of data breaches. Furthermore, according to a report from the Herjavec Group in 2019, cyber crime will cost the world over $6 trillion by 2021.
Always stay up to date on security risks to protect your assets, and be careful to review anything you download, even from the most trusted companies and sites.