Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: Baofeng on November 20, 2019, 12:58:08 PM



Title: {Warning}: Official Monero site gets hacked Binaries gets compromised
Post by: Baofeng on November 20, 2019, 12:58:08 PM
Quote
Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served. The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. See the reddit post by core team member binaryfate.

It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.

We have two guides available to help users check the authenticity of their binaries: Verify binaries on Windows (beginner) and Verify binaries on Linux, Mac, or Windows command line (advanced). Signed hashes can be found here: https://getmonero.org/downloads/hashes.txt.

The situation is being investigated and updates will be provided soon.

https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html

For those Monero holders out there, please read this important message as you might pull the malicious version accidentally or maybe you have the compromised binaries already.

You can also follow this link for more information: https://www.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/

Someone already reported that he (https://www.reddit.com/user/moneromanz/) had lost $7k already, don't be the next statistics, stay safe.


Title: Re: {Warning}: Official Monero site gets hacked Binaries gets compromised
Post by: Little Mouse on November 20, 2019, 01:01:22 PM
This has already been shared by iasenko in this section but may be moderator has moved into altcoin discussion. You either move there or lock the topic. Never mind.
https://bitcointalk.org/index.php?topic=5203004.msg53127879#msg53127879


Title: Re: {Warning}: Official Monero site gets hacked Binaries gets compromised
Post by: bob123 on November 20, 2019, 02:16:32 PM
Someone already reported that he (https://www.reddit.com/user/moneromanz/) had lost $7k already, don't be the next statistics, stay safe.

May sound rude, but .. it is his own fault.

How can someone download binaries from a website and run them without verifying the signature of the file ?
And then continuing to store 7k $ on it.. That's just dumb.

People are told to verify signatures all the time. Spend 1 hour on this forum and you already read multiple posts telling how crucial it is  to verify the signature of the downloaded wallet before running it.


Title: Re: {Warning}: Official Monero site gets hacked Binaries gets compromised
Post by: Jating on November 21, 2019, 02:32:43 AM
Someone already reported that he (https://www.reddit.com/user/moneromanz/) had lost $7k already, don't be the next statistics, stay safe.

May sound rude, but .. it is his own fault.

How can someone download binaries from a website and run them without verifying the signature of the file ?
And then continuing to store 7k $ on it.. That's just dumb.

People are told to verify signatures all the time. Spend 1 hour on this forum and you already read multiple posts telling how crucial it is  to verify the signature of the downloaded wallet before running it.

I know, but what the hell, people are still so dumb and then bitch around and blame the system because they lost so much money. But if you look closely, 90% of that cases tells us that it's the users fault.

Just like in this case, downloading binaries without verifying it. Maybe he was a newbie or didn't know how to verify, but it's his own fault and I'm sure he had learn a lesson, a very expensive lesson in cryptoverse.