Author

Topic: {Warning}: Official Monero site gets hacked Binaries gets compromised (Read 161 times)

hero member
Activity: 2842
Merit: 772
Someone already reported that he had lost $7k already, don't be the next statistics, stay safe.

May sound rude, but .. it is his own fault.

How can someone download binaries from a website and run them without verifying the signature of the file ?
And then continuing to store 7k $ on it.. That's just dumb.

People are told to verify signatures all the time. Spend 1 hour on this forum and you already read multiple posts telling how crucial it is  to verify the signature of the downloaded wallet before running it.

I know, but what the hell, people are still so dumb and then bitch around and blame the system because they lost so much money. But if you look closely, 90% of that cases tells us that it's the users fault.

Just like in this case, downloading binaries without verifying it. Maybe he was a newbie or didn't know how to verify, but it's his own fault and I'm sure he had learn a lesson, a very expensive lesson in cryptoverse.
legendary
Activity: 1624
Merit: 2481
Someone already reported that he had lost $7k already, don't be the next statistics, stay safe.

May sound rude, but .. it is his own fault.

How can someone download binaries from a website and run them without verifying the signature of the file ?
And then continuing to store 7k $ on it.. That's just dumb.

People are told to verify signatures all the time. Spend 1 hour on this forum and you already read multiple posts telling how crucial it is  to verify the signature of the downloaded wallet before running it.
legendary
Activity: 2268
Merit: 2327
Marketing Campaign Manager |Telegram ID- @LT_Mouse
This has already been shared by iasenko in this section but may be moderator has moved into altcoin discussion. You either move there or lock the topic. Never mind.
https://bitcointalksearch.org/topic/m.53127879
legendary
Activity: 2576
Merit: 1655
Quote
Yesterday a GitHub issue about mismatching hashes coming from this website was opened. A quick investigation found that the binaries of the CLI wallet had been compromised and a malicious version was being served. The problem was immediately fixed, which means the compromised files were online for a very short amount of time. The binaries are now served from another, safe, source. See the reddit post by core team member binaryfate.

It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.

We have two guides available to help users check the authenticity of their binaries: Verify binaries on Windows (beginner) and Verify binaries on Linux, Mac, or Windows command line (advanced). Signed hashes can be found here: https://getmonero.org/downloads/hashes.txt.

The situation is being investigated and updates will be provided soon.

https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html

For those Monero holders out there, please read this important message as you might pull the malicious version accidentally or maybe you have the compromised binaries already.

You can also follow this link for more information: https://www.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/

Someone already reported that he had lost $7k already, don't be the next statistics, stay safe.
Jump to: