The bitcoin.org website has warned users about a possible state-sponsored cyberattack targeting the binaries of the new Bitcoin Core release.

Bitcoin users, especially those in China, are asked to take care when downloading the binaries from the site.

“We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers,” the announcement says.

The author of the post, Cobra-Bitcoin, warns that a user who carelessly installs a tampered binary could lose all of their bitcoins, and that a malicious build could also turn the infected computer into a launching point for further attacks against the network, such as a man-in-the-middle attack.

The alert links to the PGP key used to sign the hashes of the Bitcoin Core release binaries. Cobra-Bitcoin recommends saving that key now and checking that its fingerprint matches the one printed in the alert before downloading anything.

The Core developers, however, have reacted to the announcement with mixed feelings. Some of them point out that the alert was not peer reviewed before publication, so it does not represent the position of the whole team. Bitcoin Core contributor Eric Lombrozo argued:

“There’s absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point.”

In the dedicated Reddit thread, user kanzure agreed that caution is warranted and suggested issuing the warning in Chinese as well, but criticized publishing the key and the fingerprint on the very site that might be compromised. He advised being “cautious of anyone skipping peer review processes, even for security incidents” and recommended using “multiple independent uncorrelated channels to look at sources of information to acquire keys, fingerprints, binaries/builds, and signatures.” His reasoning: “in a man-in-the-middle attack, yes the adversary would want to replace any text related to the previous key with text related to another (adversarial) key that they control instead. It’s important for everyone to verify through multiple independent uncorrelated channels.”
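The check the alert asks for, combined with kanzure's point that the fingerprint must come from somewhere other than the site you are downloading from, as an added shell example (this is not bitcoin.org's or the Bitcoin Core project's own tooling). The script takes the expected fingerprint as an argument the operator has obtained through independent channels, refuses to proceed unless the key file matches it, accepts the SHA256SUMS signature only if it was made by that specific key rather than by any key in the keyring, and finally compares the binary's hash against the signed list. Argument names, the temporary GnuPG home and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example: NOT code from bitcoin.org or the Bitcoin Core project.
# Checks a downloaded release binary in the order the alert recommends:
#   1. the signing key's fingerprint equals one obtained OUT OF BAND
#      (the caller supplies it; nothing here reads it from the download site),
#   2. SHA256SUMS.asc carries a valid signature from exactly that key,
#   3. the binary's SHA-256 equals its entry in the verified sums file.
# Argument names (KEYFILE, EXPECTED_FPR, ...) are hypothetical.
set -u

# Portable SHA-256 of a file: coreutils sha256sum, else BSD shasum.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Normalise a fingerprint for comparison: strip spaces, upper-case hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# Step 1: succeed only if the key file contains a key whose full 40-hex-digit
# fingerprint matches. Short key IDs are easy to collide and must not be used.
check_key_fingerprint() {
    keyfile=$1; want=$(norm_fpr "$2")
    gpg --batch --with-colons --import-options show-only --import "$keyfile" 2>/dev/null |
        awk -F: -v want="$want" '$1=="fpr" && $10==want {found=1} END {exit !found}'
}

# Step 2: verify the signature and write the *signed* text to $out.
# Only a VALIDSIG status line counts, and its fingerprint (signing key, $3,
# or primary key, $12) must be the expected one; a merely "good" signature
# from some other key in the keyring is rejected.
# Clear-signed file (the 2016 layout): gpg extracts the payload.
# Detached signature (newer layout): pass the plain SHA256SUMS as $4.
verify_sums_signature() {
    sig=$1; want=$(norm_fpr "$2"); out=$3; signed=${4:-}
    if [ -n "$signed" ]; then
        gpg --batch --status-fd 1 --verify "$sig" "$signed" 2>/dev/null |
            awk -v want="$want" '$2=="VALIDSIG" && ($3==want || $12==want) {ok=1} END {exit !ok}' &&
            cp "$signed" "$out"
    else
        rm -f "$out"
        gpg --batch --status-fd 1 --output "$out" --decrypt "$sig" 2>/dev/null |
            awk -v want="$want" '$2=="VALIDSIG" && ($3==want || $12==want) {ok=1} END {exit !ok}'
    fi
}

# Look up the expected hash for a file name in a sums file ("<hash>  <name>").
expected_hash_for() {
    awk -v n="$2" '$2==n {print $1; exit}' "$1"
}

# Step 3: fail if the file is absent from the signed list or its hash differs.
check_binary_hash() {
    sums=$1; binary=$2; name=$(basename "$binary")
    want=$(expected_hash_for "$sums" "$name")
    [ -n "$want" ] || { echo "no entry for $name in $sums" >&2; return 1; }
    have=$(sha256_of "$binary")
    [ "$have" = "$want" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# Driver: verify_release KEYFILE EXPECTED_FPR SHA256SUMS.asc BINARY [SHA256SUMS]
# Uses a throw-away GnuPG home so the user's own keyring cannot vouch for anything.
verify_release() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    verified=$(mktemp)
    check_key_fingerprint "$1" "$2" || { echo "key fingerprint mismatch" >&2; return 1; }
    gpg --batch --import "$1" 2>/dev/null
    verify_sums_signature "$3" "$2" "$verified" "${5:-}" || { echo "bad signature" >&2; return 1; }
    check_binary_hash "$verified" "$4" && echo "OK: $4 matches the signed hash list"
}

if [ "$#" -ge 4 ]; then verify_release "$@"; fi
```

Two design choices matter here. The fingerprint is compared in full and is never fetched from the same place as the binaries: if the site is under a man-in-the-middle, the key, its fingerprint, the hashes and the signature file can all be swapped together, so a fingerprint copied from the page proves nothing. And the signature check insists on which key signed, because `gpg --verify` reports a good signature for any key in the keyring, including one an attacker has persuaded the user to import.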

Another user, sq66, advised considering a hardware bitcoin wallet such as TREZOR, which can keep bitcoins safe even if the user’s computer is compromised.

“This should serve as a reminder that you should never download Bitcoin binaries, period. Much better to use apt-get to be sure you're getting the source directly from its repository,” says crispix24.

A safer alternative to trusting a downloaded binary is the Gitian build process, which the Core developers use and recommend: it compiles the executables from the published source in a deterministic environment, so that independent builders obtain bit-for-bit identical binaries and can each sign the resulting hashes. (apt-get, for its part, installs a binary package built by the distribution, so it merely shifts the trust to the package maintainers and the distribution’s signing key rather than removing the need to verify.)


Lyudmila Brus