Recently, on the /r/Monero subreddit, XMR Core Team member /u/binaryFate posted a security warning, stating that CLI binaries may have been compromised at some point over the last 24 hours.
According to the post in question, some Monero users noticed that the hash of the downloaded binaries did not match expected results. The issue was first brought to light 15 hours ago and as of the time of writing, it is still open and yet to be resolved. /u/binaryFate stated,
“It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source. Always check the integrity of the binaries you download!”
The post also warned those who had downloaded binaries over the last 24 hours without checking the integrity of the files, asking them to do so immediately. The Monero core team member also requested users to not run them in case the hashes do not match.
In cases where the binaries had already been run, the XMR Core Team member asked users to transfer funds out of all wallets opened with the likely malicious executables using a safe version of the Monero wallet. The member added,
“The one online as we speak is safe — but check the hashes”
The moderator also said that more information will be posted in time, with several people currently investigating to get to the bottom of the issue. Additionally, a link to the correct hashes was also shared by the Monero core team member.
Monero was in the news lately after one of its core workgroups, Monero Outreach, hit back at Coinbase’s blog on PoW security. Monero Outreach slammed Coinbase’s study, claiming that it put forward “arguably inappropriate” conclusions.
