Bitcoin.org, a self-reported objective information site in the Bitcoin space, has warned that the Bitcoin Core wallet — the official wallet of Bitcoin — is ripe for an attack.
“Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release [version 0.13.0] will likely be targeted by state sponsored attackers,” the website says in a post that does not elaborate which state may be be behind the threat or the nature of any attack.
Bitcoin.org is owned by the unpopular Theymos, who has weathered accusations of censorship on his BitcoinTalk and r/Bitcoin forums.
“As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.”
The website adds: “We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.”
According to Bitcoin.org, all this means that “not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network.”
The website suggests using a “defence” by using the key used for Bitcoin Core hashes.
“We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries,” the advisory warns.
Core Contributor Says Warning Is Dubious
Bitcoin Core contributor Eric Lombrozo reached out to Register UK. He commented, “The maintainer of the bitcoin.org site (which is unaffiliated with the Bitcoin Core project itself) posted an advisory of an apparent threat he’s been informed about — without consulting anyone else. Why this was done is uncertain, but verifying cryptographic signatures for builds is generally recommended practice in any case.”
Lombrozo added: “There’s absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point. Perhaps certain sites where people download the binaries could end up getting compromised, but let’s not unnecessarily spread paranoia about the Bitcoin Core binaries themselves.”
For exactly this reason, alternatives have sprouted as information hubs for Bitcoin, like We Use Coins. Other Bitcoin information hubs BitcoinTalk and r/Bitcoin have also been accused of providing misleading information to “Bitcoin noobies.” The community responded by launching their own alternative: Bitcoin.com and r/BTC, which have been steadily increasing in size ever since, marking a shift in where some of those in the Bitcoin industry receive their main source of information.
What do you think about the warning from Bitcoin.org? Let us know in the comments below!
Cover image courtesy of Tab Trader.