Monero website hacked, official wallet compromised
Don't panic, unless this issue affects you. If it does, some panic is encouraged.
First things first:
- If you downloaded the CLI wallet from the official Monero website on Monday 18 November, between 2.30am and 4.30pm UTC, you should immediately get funds out of the wallet and check the hashes of the binaries and make sure they match the official ones.
- The issue has been resolved.
Second things second:
Monero developers have confirmed that the binaries of the official Monero CLI wallet were compromised.
What happened is someone managed to put some malicious files on the Monero website, so people who downloaded the wallet from the website were served with an infected wallet. Early analysis reportedly suggests it's a coin stealer, which sends the user's seed to an unknown party.
Anyone who downloaded the wallet from the Monero website, ran it without checking the binaries, and put funds into their wallet, may find those funds missing. The issue was spotted quickly, by users who did check the binaries.
It's not clear whether anyone was affected by this.
In this case, verifying the binaries means comparing the downloaded version of the wallet with another clean one, to make sure they both match. If they do not match, it means one of them has been compromised, and it's probably the one you just downloaded.
In this case, Monero's clean comparison version comes from Monero lead developer Riccardo "FluffyPony" Spagni's GPG key. It's basically an encrypted source of truth, which theoretically can't be tampered with.
Centralised points of failure
This issue highlights the security issues that emerge where centralised and decentralised systems clash.
Blockchains are theoretically hack-proof, but engaging with them still requires people to go through a number of centralised points, such as individual websites and GitHub repositories which may be altered.
The hacking of the Monero website is an example of how problematic these centralised elements can be. But the speed with which the problem was identified is also an example of how effective counter-measures can be.
Monero's counter-measures take the form of decentralisation, of sorts. The binaries are hosted in multiple places (GitHub, the Monero website, etc), as are the clean comparison binaries. The idea is that even if someone manages to hack one location, as happened here, they can't hack everything.
So, as long as you follow the rules that everything should be distributed across multiple places, that everything should match, and that you always check to make sure everything matches, it should all theoretically be perfectly secure.
This system is extremely inconvenient, it shifts an enormous burden onto the end user, and it means a certain level of technical competence is required for someone to actually be reasonably certain they aren't about to have their wallet hacked. But as things stand, that's the price of security.
One might be tempted to look at this incident as a black mark, and there's a natural tendency to ask what can be done to prevent it from happening again, but as FluffyPony said, even if you change it up and stop trusting the website, all you're really doing is shifting the point of failure to another compromisable point.
In the context of centralised vs decentralised security, it's worth looking at some other incidents where malicious wallets, or entirely malicious cryptocurrency exchanges, were served to users, and how urging end users to verify the validity of service for themselves could have helped.
- Waves DEX: Someone forged the Waves CEO's passport, and used it to trick the web hosting company into replacing the real Waves DEX with a fake.
- SysCoin: Someone hacked a SysCoin developer's GitHub account, and used that access to put a malicious wallet in place of the official one.
- EtherDelta: Someone bought the founder's email address and phone number online, then used that information to access their CloudFlare account and redirect the real EtherDelta website to a fake coin-stealing version.
- EOS: First someone hacked the Block.One Zendesk support system and sent phishing emails to all users. Secondly, just days before the EOS mainnet launch someone found that they could send malicious files to an EOS supernode, which would cheerfully send it to all other leading nodes, thereby letting someone completely hack the entire EOS blockchain.
- Bitcoin Gold: Playing the long game, a well-trusted Bitcoin developer scored an early retirement by creating a compromised wallet to serve as the official version at the time of the Bitcoin Gold fork.
In all cases, the only real solution is to urge end users to take responsibility for their own security.
Of course, the end user is also a centralised point of failure, as is just about everything they touch. For example, Russian state-sponsored hackers got at Olympic officials by hacking the officials' hotel Wi-Fi at the 2016 Olympics.
Any kind of public Wi-Fi, airport USB chargers and just about everything else in the world still presents a centralised point of potential failure, as is the concept of trust itself. FluffyPony and other Monero developers could probably find a few ways to steal user funds if they really wanted.
Decentralisation ain't easy.
Disclosure: The author holds BNB, BTC at the time of writing.