Warning: Monero Verification Tools May Be Compromised

Monero

Warning: Monero Verification Tools May Be Compromised

In the last 24 hours, Monero CLI binaries downloaded from getmonero.org may be compromised as related code doesn’t march with those in GitHub. For 35 minutes, a Redditor says, different CLI binaries were served. This is a security risk and operators who ran infected binaries are been requested to move their XMR stash away from their wallet lest they lose them in what appears to be a sophisticated attempt to fleece miners, the gatekeepers of the anonymous and private network.

Move Monero (XMR) To a Safe Wallet

Presently, this has been rectified and now files are available from a fallback source. Node operators who downloaded infected binaries without verifying if hashes match have been asked to move their funds out to a safe version of the Monero wallet away from the probably infected node bearing the malicious executable.

Usually, operators are required to check the integrity and verify all binaries, checking whether they are signed by Fluffypony’s GPG key. This recommendation is vital as doing so confirms that running binaries are sourced from the official Monero database and not from anywhere else.

Otherwise, failure to do so and operating infected files open doors for phishing and other attacks that could result in loss of valuable Monero (XMR) coins. To determine the integrity of binary files, authentic code is cryptographically signed while fake ones will always produce a different hash than in the GitHub file.

Upgrading Monero is an Attacking Vector?

There are two ways of upgrading the Monero code. Either using the CLI mode or through GUI. For those who are using the CLI binaries and seeking to upgrade to the latest version of Monero, the activation procedure involves the download, extraction and transfer of the required binaries from old to new directories. Often, there is no need of blockchain resync.

Monero is one of the leading cryptocurrencies focused on privacy and censorship-resistant transactions. Realizing that sending and receiving addresses could be linked to a real-world identity, the Monero network adopted two main features from CryptoNote: Ring signatures and Unlinkable transactions.

Combined, these two features obfuscate addresses, and the amount sent meaning Monero transactions are literally untraceable and confidential as required.  As a fungible, untraceable coin, related transactions cannot be censored at any point. The Kovri Project is under development and once launched, transacting parties would have their IP addresses hidden, a cushion against network monitoring.

Summary
Warning: Monero Verification Tools May Be Compromised
Article Name
Warning: Monero Verification Tools May Be Compromised
Description
In the last 24 hours, CLI binaries downloaded from getmonero.org may be compromised as related code doesn’t march with those in GitHub.
Author
Publisher Name
CoinGape
Publisher Logo
Coingape is committed to following the highest standards of journalism, and therefore, it abides by a strict editorial policy. While CoinGape takes all the measures to ensure that the facts presented in its news articles are accurate.
Disclaimer The views, opinions, positions or strategies expressed by the authors and those providing comments are theirs alone, and do not necessarily reflect the views, opinions, positions or strategies of CoinGape. Do your market research before investing in cryptocurrencies. The author or publication does not hold any responsibility for your personal financial loss.
Author: Dalmas Ngetich

Dalmas is a very active cryptocurrency content creator and highly regarded technical analyst. He’s passionate about blockchain technology and the futuristic potential of cryptocurrencies and enjoys the opportunity to help educate bitcoin enthusiasts through his writing insights and coin price chart analysis. Follow him at @dalmas_ngetich

Post your comment...
Dalmas Ngetich 54 Articles

Dalmas is a very active cryptocurrency content creator and highly regarded technical analyst. He’s passionate about blockchain technology and the futuristic potential of cryptocurrencies and enjoys the opportunity to help educate bitcoin enthusiasts through his writing insights and coin price chart analysis. Follow him at @dalmas_ngetich

Follow Dalmas @