Warns of Attacks Amid Upcoming Bitcoin Software Release

A new post to the website indicates its contributors have reason to believe it may soon be targeted by malicious actors.

AccessTimeIconAug 18, 2016 at 4:38 a.m. UTC
Updated Sep 11, 2021 at 12:27 p.m. UTC

A new post on the open-source website indicates its contributors have reason to believe the online resource may be targeted by malicious actors following an upcoming software release by Bitcoin Core developers. contributor Cobra-Bitcoin published a post today in which he indicated that certain resources the website intends to post following the Bitcoin Core development update could be the target of unspecified "state-sponsored attackers".

At issue, the post asserts, is that generally posts binaries, or executable software versions of Bitcoin Core software releases, for developers who do not want to compile the source code issued by the open-source development team.

The offering is aimed at developers who do not want to undertake the recommended Gitian build process by which developers are given source code that allows them to construct the executable code for use.

The post reads:

"As a website, does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website."

The post was published to the website without peer review, according to a representative of Bitcoin Core, meaning the message has not been subject to a typical feedback process.

Nonetheless, the update has created confusion about the safety of the release in the media, prompting comment from Bitcoin Core contributors.

"There's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point," Bitcoin Core contributor Eric Lombrozo said in a statement.

The specific attack discussed would find users possibly subjected to a so-called man-in-the-middle attack by which an attacker could make their own version of these files, which could then be used to encourage users to download malicious software.

"This malicious software might also cause your computer to participate in attacks against the bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers," the post continues.

At press time, representative Theymos was active on Reddit, where he was encouraging bitcoin developers to be on "high alert" during the upcoming software release.

Red light image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.