Another day, another crazy bitcoin story.
This time: Users are being warned that an upcoming release of digital currency could be targeted by “state-sponsored hackers.”
Popular bitcoin information site Bitcoin.org has been updated with a message urging users to take care when updating their software: “Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.”
Bitcoin is open-source, meaning that anyone can download the code that powers the digital currency themselves and compile it into software. But ordinary users without the time (or technical know-how) can just download binaries — pre-compiled versions of the software that do not require any special knowledge to run.
The contributor to Bitcoin.org is worried that these binaries might be targeted: “If an attacker could intercept and secretly modify the files, it could compromise users who unwittingly install them. The attacker could potentially steal the victims’ bitcoins, or use their machine in a “51% attack,” which attempts to take control of the majority of the bitcoin network.
There is no word on the evidence behind the Bitcoin.org contributor’s suspicions, nor do we know which country is behind the supposed forthcoming attack — or even what its end goal is.
“In such a situation, not being careful before you download binaries could cause you to lose all your coins,” the site says. “This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.”
Complicating matters, it sounds like the person who updated the site did it by themselves. Eric Lombrozo, a contributor to Bitcoin Core, told The Register: “The maintainer of the bitcoin.org site (which is unaffiliated with the Bitcoin Core project itself) posted an advisory of an apparent threat he’s been informed about — without consulting anyone else.”
Lombrozo went on: “There’s absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point. Perhaps certain sites where people download the binaries could end up getting compromised, but let’s not unnecessarily spread paranoia about the Bitcoin Core binaries themselves.”
In short: There’s an ominous warning of an impending government hack attack, but with no evidence to substantiate it (yet), and others in the community are expressing scepticism.
For bitcoin, with its outrageous history of hacks, paranoia, and confusion, this is all par for the course.