A new post on the open-source Bitcoin.org website indicates its contributors have reason to believe the online resource may be targeted by malicious actors following an upcoming software release by Bitcoin Core developers.
Bitcoin.org contributor Cobra-Bitcoin published a post today in which he indicated that certain resources the website intends to post following the Bitcoin Core development update could be the target of unspecified “state-sponsored attackers”.
At issue, the post asserts, is that Bitcoin.org generally posts binaries, or executable software versions of Bitcoin Core software releases, for developers who do not want to compile the source code issued by the open-source development team.
The offering is aimed at developers who do not want to undertake the recommended Gitian build process by which developers are given source code that allows them to construct the executable code for use.
The post reads:
“As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.”
The post was published to the website without peer review, according to a representative of Bitcoin Core, meaning the message has not been subject to a typical feedback process.
Nonetheless, the update has created confusion about the safety of the release in the media, prompting comment from Bitcoin Core contributors.
“There’s absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point,” Bitcoin Core contributor Eric Lombrozo said in a statement.
The specific attack discussed would find Bitcoin.org users possibly subjected to a so-called man-in-the-middle attack by which an attacker could make their own version of these files, which could then be used to encourage users to download malicious software.
“This malicious software might also cause your computer to participate in attacks against the bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers,” the post continues.
At press time, Bitcoin.org representative Theymos was active on Reddit, where he was encouraging bitcoin developers to be on “high alert” during the upcoming software release.
Red light image via Shutterstock