Warning: Monero Verification Tools May Be Compromised

Published November 19, 2019 | Updated December 10, 2019

Monero

Warning: Monero Verification Tools May Be Compromised

In the last 24 hours, Monero CLI binaries downloaded from getmonero.org may be compromised as related code doesn’t march with those in GitHub. For 35 minutes, a Redditor says, different CLI binaries were served. This is a security risk and operators who ran infected binaries are been requested to move their XMR stash away from their wallet lest they lose them in what appears to be a sophisticated attempt to fleece miners, the gatekeepers of the anonymous and private network.

Move Monero (XMR) To a Safe Wallet

Presently, this has been rectified and now files are available from a fallback source. Node operators who downloaded infected binaries without verifying if hashes match have been asked to move their funds out to a safe version of the Monero wallet away from the probably infected node bearing the malicious executable.

Usually, operators are required to check the integrity and verify all binaries, checking whether they are signed by Fluffypony’s GPG key. This recommendation is vital as doing so confirms that running binaries are sourced from the official Monero database and not from anywhere else.

Otherwise, failure to do so and operating infected files open doors for phishing and other attacks that could result in loss of valuable Monero (XMR) coins. To determine the integrity of binary files, authentic code is cryptographically signed while fake ones will always produce a different hash than in the GitHub file.

advertisement

Upgrading Monero is an Attacking Vector?

There are two ways of upgrading the Monero code. Either using the CLI mode or through GUI. For those who are using the CLI binaries and seeking to upgrade to the latest version of Monero, the activation procedure involves the download, extraction and transfer of the required binaries from old to new directories. Often, there is no need of blockchain resync.

Monero is one of the leading cryptocurrencies focused on privacy and censorship-resistant transactions. Realizing that sending and receiving addresses could be linked to a real-world identity, the Monero network adopted two main features from CryptoNote: Ring signatures and Unlinkable transactions.

Combined, these two features obfuscate addresses, and the amount sent meaning Monero transactions are literally untraceable and confidential as required.  As a fungible, untraceable coin, related transactions cannot be censored at any point. The Kovri Project is under development and once launched, transacting parties would have their IP addresses hidden, a cushion against network monitoring.

Disclaimer
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
About Author
Dalmas is a very active cryptocurrency content creator and highly regarded technical analyst. He’s passionate about blockchain technology and the futuristic potential of cryptocurrencies and enjoys the opportunity to help educate bitcoin enthusiasts through his writing insights and coin price chart analysis. Follow him at @dalmas_ngetich

Subscribe to our newsletter for free

Dalmas Ngetich 335 Articles
Dalmas is a very active cryptocurrency content creator and highly regarded technical analyst. He’s passionate about blockchain technology and the futuristic potential of cryptocurrencies and enjoys the opportunity to help educate bitcoin enthusiasts through his writing insights and coin price chart analysis. Follow him at @dalmas_ngetich
Follow Dalmas @