The official website of the Monero cryptocurrency was recently hacked, and the attackers replaced legitimate wallet files available for download with a fake version.
The compromise of the Linux CLI wallet was discovered on November 18 after someone found that its hash did not match the hashes provided by the software's developers.
An investigation showed that some of the legitimate wallet files had been replaced with a fake version. Thankfully, the malicious files were not available for download for very long, but at least one user reported that their wallet was drained after they downloaded a compromised file.
Monero users were advised to check the hashes of their CLI wallet binaries if they were downloaded between 10:30 UTC and 16:30 UTC on Monday 18 November.
“If [the hash] doesn’t match official files, uninstall and open the files again. Don’t run the binaries for any reason,” said the Monero team.
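The hash check advised above, as an added Python example (not code from the Monero project or from this article). It assumes SHA-256 digests and a hash list in `<digest>  <file name>` form; the file name and file contents are constructed, and the hash list is assumed to have been obtained and authenticated separately from the download itself, which this code does not do.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    # Stream the file so a large binary is never held in memory at once.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_hash_list(text):
    # Assumed format: "<64 hex chars>  <file name>" per line; other lines are ignored.
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            if all(c in "0123456789abcdefABCDEF" for c in parts[0]):
                expected[parts[1].strip()] = parts[0].lower()
    return expected

def verify_download(path, hash_list_text):
    # Returns "match", "mismatch" or "unlisted"; anything but "match" means do not run the file.
    expected = parse_hash_list(hash_list_text)
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted"
    actual = sha256_file(path)
    return "match" if hmac.compare_digest(actual, expected[name]) else "mismatch"

def demo():
    # Constructed sample data: stand-in bytes, not real wallet binaries.
    official = b"constructed stand-in for the published binary"
    tampered = official + b" plus attacker-added code"
    name = "example-wallet-cli"  # hypothetical file name
    hash_list = "# constructed hash list\n%s  %s\n" % (hashlib.sha256(official).hexdigest(), name)
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in ((name, official), (name, tampered), ("other-file", official)):
            path = os.path.join(tmp, fname)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(verify_download(path, hash_list))
    return results

if __name__ == "__main__":
    print(demo())
```

A file that is missing from the list is reported as "unlisted" rather than treated as verified, so a renamed or unexpected download is never accepted by default.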
Researcher Bart Blaze analyzed one of the malicious Linux wallets and found that it was designed to steal the victim’s seed (the seed is what gives cryptocurrency wallet users access to their funds) and exfiltrate the funds from their wallet.
The malware communicates with a C&C server that also hosts a Windows version of the malware, which is likewise intended to steal seeds and funds.
How the attackers managed to plant the malware on the official website is currently unknown, but the Monero team promises to provide more information when the investigation into the incident has been completed.
Monero (XMR) is one of the ten largest cryptocurrencies, with 1 XMR worth a minimum of about $60.