Warning: The binaries of the CLI pockets have been compromised for a short while
November 19, 2019
Yesterday a GitHub subject about mismatching hashes coming from this web site was opened. A fast investigation discovered that the binaries of the CLI pockets had been compromised and a malicious model was being served. The issue was instantly mounted, which implies the compromised recordsdata have been on-line for a really brief period of time. The binaries are actually served from one other, protected, supply. See the reddit publish by core staff member binaryfate.
It is strongly really helpful to anybody who downloaded the CLI pockets from this web site between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to examine the hashes of their binaries. If they do not match the official ones, delete the recordsdata and obtain them once more. Don’t run the compromised binaries for any cause.
We have now two guides obtainable to assist customers examine the authenticity of their binaries: Confirm binaries on Home windows (newbie) and Confirm binaries on Linux, Mac, or Home windows command line (superior). Signed hashes could be discovered right here: https://getmonero.org/downloads/hashes.txt.
The state of affairs is being investigated and updates will probably be offered quickly.
The Monero neighborhood
Submit tags : Bulletins
Read the original article here