A security flaw in Monero puts users’ funds at risk

hacking 2300793 1280

Yesterday volunteer security researchers detected a significant security flaw in Monero wallet that could have prompted its users to download a malicious version, thereby putting their funds at risk.

On 19th November 2019, an XMR Core Team member /u/binaryFate published a Monero security warning on the subreddit that stated a potential hack on CLI binaries over the last twenty-four hours. According to the post, some Monero wallet users noted that the hash of the downloaded binaries was different than the results expected otherwise. Although the issue has been brought out in the open, it is yet to be resolved.

A major security flaw in Monero

Thus, the team has urged anyone who has downloaded the binaries in the last twenty-four hours and not verified the authenticity of the files, to immediately check if the hashes match. If they fail to match, the users are requested not to run the downloaded file. And those who have gone ahead and run the file, transfer all the funds out of the wallet, thus preventing them from getting stolen.

Meanwhile, the moderators have requested users’ cooperation until the security team is able to get to the bottom of this issue and resolve it. Meanwhile, if anyone wishes to use the secure version of the Monero wallet, the link to the corrected hashes has been shared by the Monero team.

Hackers could gain unauthorized control

Justin Ehrenhofer, Organizer of Monero Malware Response Workgroup, explains although hackers have frequently targeted the Monero website for malicious activities, this was, in fact, the first time that it got compromised. He further added that the researchers detected a code that transfers the Monero mnemonic seed, with the information on private keys, to the hackers’ server, thus jeopardizing the victims’ funds stored in the wallet.

A further investigation on activities related to remote-access suggests that attackers may have the ability to perform other unauthorized actions on users’ behalf, Ehrenhofer added.

A disaster that could have been avoided

Meanwhile, a pseudonymous cybersecurity researcher and the owner of a security website commented that had Monero come clean about the security breach well in advance, many users would have been saved from the trouble of verifying their downloaded files. Instead, according to him, Monero chose to post the warnings as late as fourteen hours after the breach, only on platforms such as Twitter and Reddit, thus exposing many of its users to risk.

If only Monero’s official website had warned its users of the potential risk immediately after the flaw was noticed, a lot of damage could have been averted, claims the cybersecurity expert.

Featured Image by Pixabay

Manasee Joshi

Manasee Joshi

An avid reader and an enthusiastic writer, Manasee recently chose to dedicate her time doing freelance writing. A degree in English literature and experiences in Administration, HR, finance, literature, creativity and innovation tucked under her belt, she crafts engaging and compelling content for crypto and blockchain audience.

Related News

Hot Stories

Ohm Staking Risks and Rewards
Bitcoin, Ethereum, Tron, and Chainlink Daily Price Analyses – 9 August Roundup
Bitcoin price analysis: Consolidation yet to yield results as $24k resistance strong
How to Stake Apecoin: 6.10% APY on a 60-day staking period
How to Stake SNX: Unlimited Liquidity on the Synthetix Network

Follow Us

Industry News

BitMEX executive pleads guilty in court
Singapore’s crypto lender Hodlnaut shuts down
Celsius withdraws motion to rehire CFO at $92,000 a month
Crypto.com earns license of operation in South Korea
Elon Musk drags Twitter to court for fraud