Monero Core Team issues security warning: CLI binary files are damaged, users must check in time

Source: Xiaocong APP

According to a post, some Monero users noticed that the hash of the downloaded binary did not match the expected result. The issue was first exposed 15 hours ago and as of now, it is still unresolved.

u/binaryFate said, "It seems that the framework is indeed compromised, and different CLI binaries were saved for 35 minutes. Users can currently download files from safe alternative sources. However, users who have downloaded files in the last 24 hours should promptly check the integrity of the binary files."

Monero core team members also requested users not to run them in case the hashes don’t match.

In the case where the binary file has been run, the XMR core team members ask users to use the safe version of the Monero wallet to transfer funds from all open wallets. If the hash value does not match the file, please do not allow the file to be downloaded; if the file has been run, users must immediately transfer funds to the safe version of the Monero wallet, and the operation also needs to pay attention to checking the hash value.

The wallets could be malicious executables, the member added. “The network we’re talking about is secure — but watch out for the hashes.”

The moderator also stated that more information will be released in a timely manner, and several people are currently investigating to figure out the problem. In addition, a member of the Monero core team also shared a link to the correct hash value.

As previously reported by Xiaocong, on November 5, Monero officially announced that the CLI v0.15.0.0 Carbon Chamaeleon has been marked on Github. It is reported that the release of the binary file will also be executed within a few days; at the same time, the GUI v0.15.0.0 version will also be marked soon.

Then on November 9, Monero officially announced that the CLI v0.15.0.0 Carbon Chamaeleon has been released. Users, service providers, merchants, mining pools or exchanges need to run this version to be fully prepared for the planned protocol upgrade on November 30.