- Monero has issued a warning to its users about possible malware. On the last day, if they downloaded a binary file they might see their security compromised.
- The vulnerability would have arisen just before Monero’s Hard Fork.
As reported by CNF, Monero (XMR) has his next Hard Fork pending by the end of November of this year. By then, it’s expected to change its Proof of Work (PoW) protocol. The update would make Monero’s algorithm more resistant to ASIC miners.
A few days before this event, Monero reports a possible malware that would affect the security of its users. Those affected would have downloaded a binary file from getmonero.org.
Malware in Monero’s files (XMR)
Monero reported that an investigation on his GitHub page would have revealed a problem of hashes discordance. From this, they were able to determine that a malicious version of the CLI wallet was served.
Such a malicious version would have a binary file, according to Monero’s developers, unusual for this particular case. The malicious version would have been online for a limited amount of time. However, users who downloaded these files could see their wallet’s security compromised.
Monero’s team was quick to detect the failure. Now, the binary files of the CLI wallet can be downloaded from a secure server. It is recommended to all users who downloaded it in that period of time, to check the link enabled by the Monero’s team.
In addition, it is also recommended that all Monero users review the hashes of their binary files:
If they don’t match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.
The team continues to investigate the incident and hopes to make updated reports shortly.
Monero’s hard fork and its implications
As mentioned, the fault occurred shortly before Monero’s Hard Fork. This should take place when block 1.978.433 is reached on November 30th of this year.
Monero’s Hard Forks occur at specific times. Approximately every six months. The one of November of this year, should solve a problem that Monero has had for a while: the ASIC mining equipment. These equipments are specific hardware to perform mining. Therefore, they are more powerful and according to members of the crypto community, they have contributed to the decrease of decentralization in certain networks.
A security breach during a Hard Fork is very possible. For this reason, other development teams, such as Ethereum, have kept their users abreast of their progress. In addition, they have hired independent firms to perform security audits and have asked for support from their community.
It remains to be seen what the results of Monero’s team investigation will be. The number of users and wallets affected is unknown. It is a good sign that the fault has been caught in time and work is being done to solve it.
For now, Monero’s price is $58.16 USD and has moved sideways (-1.52%) in the last 24 hours.