Monero cryptocurrency official website compromised on November 18th evening to deliver malware to users capable of stealing funds from their accounts.
A user (nikitasius) spot the breach and report the same on Github. The user downloaded the 64-bit Linux binary that looks unknown. The user reports the breach just after receiving the wrong hashes from getmonero.org. The breach is confirmed by Monero Developers in a tweet.
It’s strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.
Monero Team
CLI Binary files downloaded are compromised for 14 hours while as per the Monero team, the problem was fixed and now, the Monero will be served from a safe and more secure source.
It appears the box has been indeed compromised and different CLI binaries served for 35 minutes. Downloads are now served from a safe fallback source.
Monero Team
According to a report from ZDNet, we found that a Reddit user reported that after 9 hours of the breach, he run the binary and a single transaction of $7,000 drained the wallet.
It is not cleared yet the number of users whose funds have been stolen in the breach. Per the report of Decrypt, we found that the German Finance Ministry admitted that Monero is more dangerous than Bitcoin in their annual risk report.
The Malware infected file can be downloaded from here, For reverse-engineering purposes by researchers. It is highly recommended Not To Run this file on your system.