Bitcoin developers suspect site being targeted by 'state-sponsored hackers'

Bitcoin developers suspect that "state-sponsored hackers" might be targeting the site and Bitcoin Core binaries. The researchers also warned Chinese users to be "extra vigilant" when downloading from the site - bitcoin.org. Bitcoin Core refers to the software that is used by Bitcoin miners to validate all transactions made on the network.

The developers said in a post: "Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state-sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website."

They also warned that not exercising caution when downloading binaries from the site could lead users to "lose all your coins". Users were warned that malicious software used by hackersmay "cause your computer to participate in attacks against the Bitcoin network".

The developers added: "We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers." However, it is still unclear as to who the developers suspect of targeting and attacking their systems.

A Bitcoin Core contributor, Eric Lombrozo, told the Register: "The maintainer of the bitcoin.org site (which is unaffiliated with the Bitcoin Core project itself) posted an advisory of an apparent threat he's been informed about - without consulting anyone else. Why this was done is uncertain, but verifying cryptographic signatures for builds is generally recommended practice in any case.

"There's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state-sponsored attackers that we know of at this point. Perhaps certain sites where people download the binaries could end up getting compromised, but let's not unnecessarily spread paranoia about the Bitcoin Core binaries themselves."

Bitcoin developers also urged users to use the cryptographically signed key, which is used to sign Bitcoin Core hashes. "We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you're running are the same ones created by the Core Developers," the developers said.