It all seems like a nightmare: the GetMonero crypto trading website has been hacked by a yet-to-be-identified hacker. After gaining unauthorized access to the platform, the hacker quietly replaced the Linux and Windows binaries offered for download with malicious versions, with the intention of stealing from users' wallets.
The unwarranted changes became known to the public when a user realized that the hashes of the binaries he had downloaded did not match those listed on the site. This pushed the Monero team into a series of investigations, which confirmed that their official website, GetMonero.com, had been tampered with.
GetMonero Security Team Response
It is not yet known how the hacker was able to gain access to the platform. However, according to analysis done by the security research team, users who downloaded the CLI on Monday 18th between 02:30 am and 04:30 pm have already had their wallets tampered with.
Following an immediate investigation, the Monero team today also confirmed that its website, GetMonero.com, was indeed compromised, potentially affecting users who downloaded the CLI wallet between Monday 18th, 2:30 am UTC and 4:30 pm UTC.
On the technical side, the Monero research team has tried to work out how the hacker delivered the malicious functions. They found that the functions are in the binaries and run whenever a new user creates an account. The hacker had modified that exact binary and programmed it to automatically collect users' wallets and send them to a remotely controlled server. This allows the attacker to steal funds with ease.
Following the attack and the series of investigations, a researcher with Monero said: “As far as I can see, it doesn't seem to create any additional files or folders – it just steals your seed and tries to exfiltrate funds from your trading wallet.”
While it is still unclear whether other users have suffered losses, a GetMonero user on Reddit claims to have lost digital assets worth $7000 to the hacker after installing the malicious Linux binary.
The user wrote to the Monero board, saying, “I can confirm that the malicious binary is stealing coins.
About hours after I ran the binary, a single transaction drained my wallet of all $7000.
I downloaded the build yesterday around 6 pm Pacific Standard Time.”
For the safety of all users, Monero officials have set up a different server that is still safe, although only for a short time. They also strongly advise users to check the hashes of their binaries: if a hash looks suspicious or differs from the one on the website, the binary should not be run for any reason.
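
The hash check advised above, as an added example that is not from the original article or from the Monero project: it computes the SHA-256 of a downloaded file, compares it with a published hash list, and refuses files that do not match or are not listed at all. The list format, the file names and the sample data are constructed assumptions, and the list is assumed to have been obtained from a source independent of the download server.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed list format: "<64 hex chars>  <filename>" per line (sha256sum style).
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S+)$")

def parse_hash_list(text):
    """Map file name -> lowercase SHA-256; comments and malformed lines are skipped."""
    hashes = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hashes[m.group(2)] = m.group(1).lower()
    return hashes

def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, hash_list_text):
    """Return 'ok', 'mismatch' or 'unlisted'; only 'ok' means the file may be run."""
    expected = parse_hash_list(hash_list_text).get(Path(path).name)
    if expected is None:
        return "unlisted"  # fail closed: no published hash for this file name
    return "ok" if sha256_file(path) == expected else "mismatch"

def demo():
    """Constructed scenario: a genuine archive, then the same name with swapped content."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "example-cli-linux-x64.tar.bz2"  # placeholder name
        archive.write_bytes(b"constructed genuine release bytes")
        published = f"# constructed hash list\n{sha256_file(archive)}  {archive.name}\n"
        results = {"genuine": verify_download(archive, published)}
        archive.write_bytes(b"constructed tampered release bytes")
        results["tampered"] = verify_download(archive, published)
        other = Path(tmp) / "not-in-list.zip"
        other.write_bytes(b"x")
        results["unlisted"] = verify_download(other, published)
        return results

if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```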