Bitcoin.org Warns of Attacks Amid Upcoming Bitcoin Software Release

A new post to the Bitcoin.org website indicates its contributors have reason to believe it may soon be targeted by malicious actors.

AccessTimeIconAug 18, 2016 at 4:38 a.m. UTC
Updated Sep 11, 2021 at 12:27 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A new post on the open-source Bitcoin.org website indicates its contributors have reason to believe the online resource may be targeted by malicious actors following an upcoming software release by Bitcoin Core developers.

Bitcoin.org contributor Cobra-Bitcoin published a post today in which he indicated that certain resources the website intends to post following the Bitcoin Core development update could be the target of unspecified "state-sponsored attackers".

At issue, the post asserts, is that Bitcoin.org generally posts binaries, or executable software versions of Bitcoin Core software releases, for developers who do not want to compile the source code issued by the open-source development team.

The offering is aimed at developers who do not want to undertake the recommended Gitian build process by which developers are given source code that allows them to construct the executable code for use.

The post reads:

"As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website."

The post was published to the website without peer review, according to a representative of Bitcoin Core, meaning the message has not been subject to a typical feedback process.

Nonetheless, the update has created confusion about the safety of the release in the media, prompting comment from Bitcoin Core contributors.

"There's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point," Bitcoin Core contributor Eric Lombrozo said in a statement.

The specific attack discussed would find Bitcoin.org users possibly subjected to a so-called man-in-the-middle attack by which an attacker could make their own version of these files, which could then be used to encourage users to download malicious software.

"This malicious software might also cause your computer to participate in attacks against the bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers," the post continues.

At press time, Bitcoin.org representative Theymos was active on Reddit, where he was encouraging bitcoin developers to be on "high alert" during the upcoming software release.

Red light image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.