Developers of the anonymous cryptocurrency Monero (XMR) have confirmed that the binary files of the official Client of the network on the site getmonero.org were substituted for 35 minutes in the last 24 hours.
“The package was indeed compromised and other people’s executable CLI files were issued within 35 minutes. At the moment, the problem is solved, the download is from a secure backup source,” they write
developers on Reddit.
At the same time, it was only thanks to vigilant users that file substitution was detected — they checked the hashes of the client components and it turned out that they did not match the hashes of the developers.
The project team is investigating the incident and will inform the public about the progress of the process. However, they strongly recommend that anyone who downloaded executable files in the last 24 hours check the file hashes, and if they do not match, do not run them. If the files were started, then you need to move all XMR from the wallet to obviously secure wallets, or create such a wallet on a verified version of the client on another computer.
Earlier it was reported that Monero plans to switch to the new proof-of-work (PoW) algorithm by the end of October. The algorithm, called RandomX, will prevent the use of ASIC miners. The update is delayed, but should have been activated before the end of November.
Interestingly, the other day the group Dragonfly Research found
the ability to reveal the senders and recipients of up to 96% of transactions in the blockchain of another anonymous cryptocurrency — Grin. This coin is based on the Mimblewimble Protocol, which is slightly inferior to Monero and ZCash in the level of anonymity.