The official website for the Monero cryptocurrency, GetMonero.com, was hacked to deliver malware that stole digital currency from users.
“Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served,” GetMonero said in a statement.
GetMonero said that it immediately fixed the issue, meaning that these malicious files were only available on its website for a short period of time. It said that its binaries are now being served from a different, safe source.
“It’s strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC [4:30 AM SAST] and 4:30 PM UTC [6:30 PM SAST], to check the hashes of their binaries,” the team said.
“If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.”
To check the hashes of their binaries, users can follow two guides provided by GetMonero – a beginners’ guide to verify binaries on Windows, and an advanced guide for verifying binaries on Linux, Mac, or Windows command line.
The team said that the situation was being investigated and an update would be provided soon.