The official Monero website (XMR), GetMonero.com, was hacked: users downloaded malware aimed at stealing currency instead of a privacy-oriented wallet.
According to Ars Technica, it was discovered that GetMonero was hacked on November 19, when the user noticed that the hash from the downloaded XMR wallet did not match the hash indicated on the site. The user nikitasius posted on GitHub a message detailing the various hashes, which was confirmed by other members of the community.
An inappropriate hash was identified as the result of an attack on GetMonero users. Users who downloaded the wallet from the site were at risk of theft of cryptocurrency.
GetMonero quickly issued a warning:
PSA: We've posted an announcement regarding the potentially compromised CLI v0.15.0.0 binaries on our website.https://t.co/rLnN8HrJ1d— Monero || #xmr (@monero) November 19, 2019
Despite the rapid detection of vulnerabilities, some users were affected. One of them wrote a post on Reddit, in which he talked about the loss of $7,000 from his wallet after downloading a malicious client malware.
Image courtesy of: the Merkle