Monero’s Website Was Hacked to Distribute Crypto-Stealing Malware

Michael LaVere
  • Monero's official website GetMonero.com was hacked and caused users to download malware.
  • Monero's team responded to the situation, warning users to confirm the hashes on their wallet binaries. 

The official website for Monero (XMR), GetMonero.com, has been hacked and caused users to download cryptocurrency stealing malware when attempting to obtain the privacy-centric cryptocurrency's wallet. 

According to a report by Ars Technica, GetMonero was discovered to have been hacked on Nov. 19 when a user noticed that the hash from the downloaded XMR wallet did not match the one listed on the site. User nikitasius published a post on GitHub detailing the different hashes, which was confirmed by other members of the community. 

Rather than being an error, the mismatched hash was determined to be the result of an attack on users of GetMonero. Users who downloaded the wallet from the website were put at risk of a cryptocurrency-stealing malware.

GetMonero promptly issued a warning, telling community members, 

It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason.

One unfortunate Reddit user detailed losing $7,000 from his wallet after downloading the malicious client, 

I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained my wallet of all $7000. I downloaded the build yesterday around 6pm Pacific time.

Featured Image Credit: Photo via Pixabay.com

Over 5,000 Ugandan Citizens File Petitions Over Cryptocurrency Scam

Michael LaVere
  • Over 5,000 Ugandan citizens petitioned Parliament to issue a refund over funds lost in Dunamiscoins Resource Ltd. closure.
  • Cryptocurrency firm shuttered operation in late December, reportedly taking UGX 23 billion in client funds. 

Over 5,000 Ugandan citizens have petitioned Parliament following a high-profile scam by cryptocurrency firm Dunamiscoins Resource Ltd. 

According to a report by KMA Updates, more than 5,000 Ugandans submitted a petition seeking a refund over money invested in Dunamiscoins, which suddenly shuttered in December 2019. The fraudulent crypto firm billed itself as a privately owned company and claimed it was committed to providing complimentary crypto services to banks in order to benefit the low income and poor. 

In late 2019, Dunamiscoins’s bank account was suddenly frozen, with petitioners arguing that more than UGX 23 billion ($6.2 million) in client funds was locked in the firm. 

Arthur Asiimwe, de facto leader of the petitioners, told the Speaker and members of Parliament, 

[The] government licensed this company and gave it the go-ahead to work as a non-deposit taking financial institution; it carried out its duties as a microfinance company. They gave unrealistic bonuses.

Asiimwe and other petitioners argued that Dunamiscoins was operating as a microfinance company despite being registered as a non-deposit financial institution. While two of the company’s three directors have been arrested, Managing Director Susan Awoni remains at large. 

Asiimwe continued, 

We are not satisfied with what the Police report that they have failed to arrest the third director. We request that the Financial Intelligence Authority follows this up and trace where the money is and we are refunded.

Featured Image Credit: Photo via Pixabay.com