Monero website briefly served a malware-laden binary that stole cryptocurrencies

The website of the cryptocurrency Monero was briefly compromised. Malware was placed on the site that stole cryptocurrencies from users. It is not known how many victims downloaded the infected software.

The malware may have been online for 14 hours, Monero says. The CLI binaries of Monero's wallet had been replaced with a file containing malware. That malware was able to steal the cryptocurrency from the wallets that users had on their computers. Only the CLI binaries were affected, not the Windows, macOS or Linux versions of the wallet. The malware was discovered when a user noticed that the published verification hash did not match the hash of the download itself. He filed an issue on GitHub. Monero later confirmed the compromise in a tweet.

Monero says the infected binaries were online for only a short time. It recommends that everyone who downloaded the CLI wallet between 1:30 AM and 3:30 PM on Monday check the hashes of the download. It is not yet known how the supply chain attack took place or whether other Monero systems were also compromised. The developers behind the coin say they are still investigating and will provide more details at a later date.
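The hash check that exposed the swapped binaries, as an added example (not code from Monero or the original article): it compares a download against a published hash list and fails closed when the file is not listed. It assumes SHA-256 digests in `sha256sum` format and a hash list that was obtained and authenticated separately from the download; the file names and contents are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def parse_hash_list(text):
    """Parse sha256sum-style lines ('<64 hex>  <filename>') into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip comments, blank lines and any signature armor
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) == 64 and set(digest) <= set("0123456789abcdef"):
            entries[name] = digest
    return entries

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large archives are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, hash_list_text):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' means the file may be used."""
    expected = parse_hash_list(hash_list_text).get(Path(path).name)
    if expected is None:
        return "unlisted"  # fail closed: no published hash for this file name
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a genuine archive, a tampered copy, an unlisted file."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "wallet-cli-example.tar.bz2"  # hypothetical file name
        good.write_bytes(b"constructed release contents")
        hash_list = f"# constructed hash list\n{sha256_file(good)}  {good.name}\n"
        first = verify_download(good, hash_list)
        good.write_bytes(b"constructed release contents + injected code")
        second = verify_download(good, hash_list)
        other = Path(d) / "other.bin"
        other.write_bytes(b"x")
        return first, second, verify_download(other, hash_list)

if __name__ == "__main__":
    print(demo())
```

A matching hash only proves the file equals what the list describes, so the list itself has to come from a source the attacker could not also replace.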

Monero is a cryptocurrency that is widely used in cryptominers. Today, this mainly happens with crypto malware, but it was once possible to mine Monero via a plugin that administrators could embed on their website. Coinhive, among others, used that controversial method, but stopped doing so in March of this year.