Bitcoin.org Warns of Attacks Amid Upcoming Bitcoin Software Release

A new post on the open-source Bitcoin.org website indicates its contributors have reason to believe the online resource may be targeted by malicious actors following an upcoming software release by Bitcoin Core developers.

Bitcoin.org contributor Cobra-Bitcoin published a post today in which he indicated that certain resources the website intends to post following the Bitcoin Core development update could be the target of unspecified "state-sponsored attackers".

At issue, the post asserts, is that Bitcoin.org generally posts binaries, or executable software versions of Bitcoin Core software releases, for developers who do not want to compile the source code issued by the open-source development team.

The offering is aimed at developers who do not want to undertake the recommended Gitian build process by which developers are given source code that allows them to construct the executable code for use.

The post reads:

"As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website."

The post was published to the website without peer review, according to a representative of Bitcoin Core, meaning the message has not been subject to a typical feedback process.

Nonetheless, the update has created confusion about the safety of the release in the media, prompting comment from Bitcoin Core contributors.

"There's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point," Bitcoin Core contributor Eric Lombrozo said in a statement.

The specific attack discussed would find Bitcoin.org users possibly subjected to a so-called man-in-the-middle attack by which an attacker could make their own version of these files, which could then be used to encourage users to download malicious software.

"This malicious software might also cause your computer to participate in attacks against the bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers," the post continues.

At press time, Bitcoin.org representative Theymos was active on Reddit, where he was encouraging bitcoin developers to be on "high alert" during the upcoming software release.

Red light image via Shutterstock

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Pete Rizzo

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.