-----BEGIN PGP SIGNED MESSAGE-----
Yesterday a GitHub issue about mismatching hashes coming from this website was opened (
). A quick investigation found that
the binaries of the CLI wallet had been compromised and a malicious version was being
served. The problem was immediately fixed, which means the compromised files were online
for a very short amount of time. The binaries are now served from another, safe, source.
See the Reddit post by core team member binaryFate:
It's strongly recommended to anyone who downloaded the CLI wallet from this website
between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries. If
they don't match the official ones, delete the files and download them again. Do not
run the compromised binaries for any reason.
We have two guides available to help users check the authenticity of their binaries:
Verify binaries on Windows beginner (
Verify binaries on Linux, Mac, or Windows command line advanced (
hashes can be found here: https://getmonero.org/downloads/hashes.txt
The situation is being investigated and updates will be provided soon.
The Monero community
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----