Bitcoin.org is warning that the Bitcoin Core, the as-close-to-official-as-it-gets version of Blockchain consolidation software and Bitcoin wallets, has likely been compromised.
“Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release [version 0.13.0] will likely be targeted by state sponsored attackers,” the organisation says in a post that does not elaborate which state may be be behind the threat or the nature of any attack.
“As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.”
The warning makes oblique references to China, saying “We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.”
The potential problems with Bitcoin Core mean “not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network.”
A suggested defence is to employ only the key used to sign Bitcoin Core hashes.
“We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries,” the advisory says.
Bitcoin.org is not an official organ of Bitcoin, instead offering a hub for development of the Bitcoin Core. We therefore presume that the site’s publishers speak with some authority, but as it offers no way to contact its operators we’ve attempted to contact The Bitcoin Foundation to seek its take on this announcement. But the Foundation’s contacts mechanism has a mis-firing CAPTCHA that has repelled all our attempts at sending a message.
The Register will keep trying to learn more about this warning! ®
Global DDoS threat landscape report