Add Monero to Supply Chain Compromises
This curated list of Supply Chain Compromises is awesome, thanks for maintaining it!
- https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises
I noticed that the Monero wallet's compromised release from 2019-11-18 is not listed in this repo.
- https://github.com/monero-project/monero/issues/6151
Considering that Monero is widely considered to be the most popular/secure privacy cryptocurrency, it's easily one of the most security-critical packages that you wouldn't want to become victim to supply chain attacks.
Fortunately, they did have release signing in place, so users were quickly able to identify the issue and address it. But it's yet another cautionary tale for project maintainers that blindly trust their infrastructure.
Further reading on this incident:
- https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
- https://old.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/
- https://thehackernews.com/2019/11/hacking-monero-cryptocurrency.html
This issue has been automatically marked as inactive because it has not had recent activity.
@maltfield thanks for opening the issue - would you be willing to make a PR for this?
This issue has been automatically marked as inactive because it has not had recent activity.
@lumjjb I would like to help to do this PR
This issue has been automatically marked as inactive because it has not had recent activity.
@lumjjb can the PR be reviewed so this can be closed?
Sorry that I missed this - I added a comment and updated the branch.
Once we address the comments and CI passes I'll merge it!