Security News Bitcoin Website Issues "State-Sponsored Attack" Warning

Exterminator

Crypto-currency aficionados navigating to the Bitcoin website yesterday were greeted by a grim security warning saying that the project's binary files, soon to be released, will most likely be targeted by "state sponsored attackers."

The project cites "reasons" that make it believe that the binary files used to run Bitcoin software on mining pools and exchange servers might be the target of cyber-attacks.

No! Nobody will DDoS a binary, but it is likely that someone will try to hijack and replace the official files, either on the official website or during transit (download) to the user, tricking the target into installing a tainted version of the Bitcoin software.

Bitcoin Project fears future devastating attacks on its network

The Bitcoin Project fears that this could lead to theft of Bitcoin funds from user accounts that interact with the servers running the modified binaries.

Bitcoin administrators wholeheartedly admit that they don't have the necessary technical resources to fend off such sophisticated attacks.

They also fear that once compromised, these servers can be used in coordinated attacks against the entire Bitcoin network.

Bitcoin Project fears for its Chinese community the most

The project admins worry about attacks against the Chinese Bitcoin community. Chinese miners are currently dominating the Bitcoin market.

This comment on tech news portal Hacker News by Mozilla Services Security engineer Julien Vehent provides some context into what types of attacks could be carried out:

bitcoin.org does not implement HPKP. Any government that controls a CA can generate its own cert for bitcoin.org, hijack the site's IP and replace this page with their own fingerprint.

Jeremy Gladis, a senior network engineer, provides an interesting and more than revealing answer:

And China has a root CA under their control. I'm on my iPad at the moment so I can't provide the fingerprints of it right now, but I remember "un-trusting it" on all of my machines a long while back.

Below is the full announcement, including the mitigations people should take when downloading binaries from the official website. Bitcoin.org recommends that miners and other parties download and import its PGP key used to sign the official binaries.

Bitcoin.org Security Warning
0.13.0 Binary Safety Warning
17 August 2016

Summary

Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.

In such a situation, not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.

Mitigation

The hashes of Bitcoin Core binaries are cryptographically signed with this key.

We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you’re running are the same ones created by the Core Developers.
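
The verification step from the Mitigation section, as an added example that is not part of the announcement or of Bitcoin Core's own tooling: a binary is accepted only if gpg reports a valid signature made by the pinned fingerprint and the file's SHA-256 appears in the signed hash list. It assumes gpg is installed with that key already imported and that the release ships a clearsigned list of `hexdigest  filename` lines; the function names and command-line usage are hypothetical.

```python
import hashlib, hmac, os, subprocess, sys

# Fingerprint quoted in the Bitcoin.org announcement above.
PINNED_FPR = "01EA5486DE18A882D4C2684590C8019E36C2E964"

def valid_signers(status_text):
    """Fingerprints (signing key and primary key) from gpg VALIDSIG status lines."""
    fprs = set()
    for line in status_text.splitlines():
        p = line.split()
        if len(p) >= 3 and p[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fprs.add(p[2].upper())
            if len(p) >= 12:          # 10th VALIDSIG field: primary key fingerprint
                fprs.add(p[11].upper())
    return fprs

def expected_hash(signed_text, filename):
    """Find filename in 'hexdigest  name' lines of the signature-covered text."""
    for line in signed_text.splitlines():
        f = line.split()
        if len(f) == 2 and f[1].lstrip("*") == filename:
            return f[0].lower()
    return None

def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check(status_text, signed_text, binary_path):
    """True only if the pinned key made a valid signature AND the hash matches."""
    if PINNED_FPR not in valid_signers(status_text):
        return False                  # a good signature from some other key is not enough
    want = expected_hash(signed_text, os.path.basename(binary_path))
    return want is not None and hmac.compare_digest(want, file_sha256(binary_path))

def verify(binary_path, sums_path):
    # --decrypt on a clearsigned file prints only the text the signature covers,
    # so hash lines pasted outside the signed block are never parsed.
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt", sums_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and check(proc.stderr, proc.stdout, binary_path)

if __name__ == "__main__":
    # Assumed usage: verify.py <downloaded binary> <clearsigned hash list>
    sys.exit(0 if verify(sys.argv[1], sys.argv[2]) else 1)
```

Comparing against the full 40-character fingerprint in the `VALIDSIG` line matters because a "Good signature" message alone is satisfied by any key in the local keyring.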