Hackers hacked Cryptocurrency site
Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware
Attackers hacked the official Monero project to spread cryptocurrency stealing malware instead of the legitimate Monero downloads.
A cyberattack was confirmed by the website officials of the Monero cryptocurrency project on Monday, wherein attackers covertly replaced legitimate—and downloadable—Linux and Windows binaries with their malicious versions.
A supply chain cyber-attack came in light after a Monero user spotted a mismatch in the cryptographic hash for binaries he downloaded from the official site. It didn't match the hashes provided by the software developers.
A Monero user on Reddit claimed to have lost funds worth $7000 after installing the malicious Linux binary
Following an immediate investigation, the Monero team said that its website, GetMonero.com, was indeed compromised.
How it works?
The malware gets triggered when a user opens or creates a new wallet.
It is programmed to automatically steal funds from users' wallets.
The malicious functions send users' wallet seed—kind of a secret key that restores wallet access—to a remote attacker-controlled server, allowing attackers to steal funds from the victim without any hassle.
GetMonero immediately released an update saying, “anyone who downloaded the CLI wallet from this website between Monday 18th, 2:30 am UTC and 4:30 pm UTC, to check the hashes of their binaries.”
"If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason," it added.
"As far as I can see, it doesn't seem to create any additional files or folders - it simply steals your seed and attempts to exfiltrate funds from your wallet," the researcher said.
The identity of hackers is still unknown, and the GetMonero team is currently investigating the incident. Till the moment, there’s no clarity on how attackers managed to infiltrate the Monero website and who all got affected and lost their digital funds.
Attackers hacked the official Monero project to spread cryptocurrency stealing malware instead of the legitimate Monero downloads.
A cyberattack was confirmed by the website officials of the Monero cryptocurrency project on Monday, wherein attackers covertly replaced legitimate—and downloadable—Linux and Windows binaries with their malicious versions.
A supply chain cyber-attack came in light after a Monero user spotted a mismatch in the cryptographic hash for binaries he downloaded from the official site. It didn't match the hashes provided by the software developers.
A Monero user on Reddit claimed to have lost funds worth $7000 after installing the malicious Linux binary
Following an immediate investigation, the Monero team said that its website, GetMonero.com, was indeed compromised.
How it works?
The malware gets triggered when a user opens or creates a new wallet.
It is programmed to automatically steal funds from users' wallets.
The malicious functions send users' wallet seed—kind of a secret key that restores wallet access—to a remote attacker-controlled server, allowing attackers to steal funds from the victim without any hassle.
GetMonero immediately released an update saying, “anyone who downloaded the CLI wallet from this website between Monday 18th, 2:30 am UTC and 4:30 pm UTC, to check the hashes of their binaries.”
"If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason," it added.
"As far as I can see, it doesn't seem to create any additional files or folders - it simply steals your seed and attempts to exfiltrate funds from your wallet," the researcher said.
The identity of hackers is still unknown, and the GetMonero team is currently investigating the incident. Till the moment, there’s no clarity on how attackers managed to infiltrate the Monero website and who all got affected and lost their digital funds.
Comments
Post a Comment