The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post.
The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hashes of the binaries available for download did not match the expected hashes.
On GitHub, a professional investigator said that the software distributed after the server was compromised is indeed malicious, stating that the malicious binary is stealing coins. Roughly 9 hours after running the binary, a single transaction had drained the wallet. The build was downloaded yesterday around 6 pm Pacific time.
Hash functions are non-reversible mathematical functions that, in this case, are used to generate an alphanumeric string from a file; that string would be different if someone were to make changes to the file.
It is a popular practice in the open-source community to save the hash generated from software available for download and keep it on a separate server. Thanks to this measure, users can generate a hash from the file they downloaded and check it against the expected one.
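The check described above, written out as an added example (not code from the Monero project or from the original article). It assumes SHA-256 and a hash list in the common `<hex digest>  <filename>` format, and the file names and contents are constructed for the demonstration. The result is only as trustworthy as the source of the hash list, which is why the list has to come from somewhere other than the download server.

```python
import hashlib
import os
import re
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large archives are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_hash_list(text):
    """Parse '<64 hex chars>  <filename>' lines; comments and malformed lines are ignored."""
    expected = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and re.fullmatch(r"[0-9a-fA-F]{64}", parts[0]):
            expected[parts[1]] = parts[0].lower()
    return expected

def verify_download(path, hash_list_text):
    """Return 'ok', 'mismatch' or 'unlisted'; anything other than 'ok' means do not run the file."""
    expected = parse_hash_list(hash_list_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # fail closed: no published hash for this file name
    return "ok" if sha256_file(path) == expected else "mismatch"

def demo():
    """Constructed sample: a stand-in release file, its published hash, then a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-cli.tar.bz2")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed release contents")
        # Hash list as it would be published on the separate server (constructed here).
        published = "# constructed hash list\n%s  example-cli.tar.bz2\n" % sha256_file(path)
        results = [verify_download(path, published)]
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # a single added byte changes the digest
        results.append(verify_download(path, published))
        other = os.path.join(tmp, "not-in-list.bin")
        open(other, "wb").close()
        results.append(verify_download(other, published))
    return results

if __name__ == "__main__":
    print(demo())
```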