Bitcoin Forum
Author Topic: 0.13.0 Binary Safety Warning  (Read 2252 times)
Lauda (OP)
August 17, 2016, 10:58:00 PM
 #1

Quote
Summary

Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.

In such a situation, not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.

Mitigation

The hashes of Bitcoin Core binaries are cryptographically signed with this key.

We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you’re running are the same ones created by the Core Developers.
Currently found on Bitcoin.org. There seems to be a lack of information regarding this. Any information (speculative posts are likely to be removed due to being insubstantial)?

Carlton Banks
August 17, 2016, 11:14:22 PM
 #2

Currently found on Bitcoin.org. There seems to be a lack of information regarding this. Any information (speculative posts are likely to be removed due to being insubstantial)?

I find it a little odd that Core team (who presumably control Bitcoin.org?) could be at all certain about the origin or target of such a threat. If the threat itself is public, a simple hyperlink to the threat would suffice. If the threat is private, it depends a great deal on the status (and therefore also the identity) of the menace. Maybe the reference to China is only a reference to China's majority hashrate, and not to anything specific about the known threat.

Lauda (OP)
August 17, 2016, 11:18:25 PM
 #3

I find it a little odd that Core team (who presumably control Bitcoin.org?) could be at all certain about the origin or target of such a threat.
No. The people who have commit access/contribute to Bitcoin Core do not control Bitcoin.org. The people who work (or have commit access) on Bitcoin.org are Cobra, saivan, harding, etc. They are usually quite different from the Bitcoin Core team. From what I can understand so far, Cobra skipped the peer-review process around 2 hours ago and pushed this commit. Bitcoin-core-dev:
Quote
11:06 <achow101> what's up with this: https://bitcoin.org/en/alert/2016-08-17-binary-safety
11:06 <sipa> we don't know
Carlton Banks
August 17, 2016, 11:26:41 PM
 #4

I find it a little odd that Core team (who presumably control Bitcoin.org?) could be at all certain about the origin or target of such a threat.
No. The people who have commit access/contribute to Bitcoin Core do not control Bitcoin.org. The people who work (or have commit access) on Bitcoin.org are Cobra, saivan, harding, etc.

Not sure I have heard of those characters, with the possible exception of harding (if it's the harding from this forum, I haven't seen that user here in a while).

11:06 <achow101> what's up with this: https://bitcoin.org/en/alert/2016-08-17-binary-safety
11:06 <sipa> we don't know

Interesting. Sipa is way too involved to be unaware of such issues, so I smell potential drama.

Lauda (OP)
August 17, 2016, 11:33:59 PM
 #5

Not sure I have heard of those characters, with the possible exception of harding (if it's the harding from this forum, I haven't seen that user here in a while).
Well, they generally are only involved in website related work. As far as Cobra is concerned, they're anonymous (i.e. nobody really knows who they are - I don't remember who gave them commit access). I've added a Github link for the contributors.

Interesting. Sipa is way too involved to be unaware of such issues, so I smell potential drama.
From what I can gather on the public communication channels, nobody really knows what the reason behind this is. You can see the commit was pushed here:


Interesting information that may be relevant:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Quote
The GnuPG Project is pleased to announce the availability of new Libgcrypt and GnuPG versions to fix a critical security problem. Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.
Impact:
Quote
All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely that the private key can be predicted from other public information. This needs more research and I would suggest not to overhastily revoke keys.
MyBTT
August 17, 2016, 11:40:11 PM
 #6

I currently have a backup 0.12.1 wallet in case my primary ledger wallet fails. Because of this, should I not download the next version of qt until this problem is solved? Or should I download from github and compile it myself?


 
 
Lauda (OP)
August 17, 2016, 11:42:28 PM
 #7

Because of this, should I not download the next version of qt until this problem is solved?
You shouldn't download the next version from the website until this resolves just to be sure. However, Bitcoin Core 0.13.0 is not ready yet (currently RC3).

Or should I download from github and compile it myself?
That's always the preferred option.
bitkilo
August 17, 2016, 11:42:49 PM
 #8

Quote
Summary

Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.

In such a situation, not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.

Mitigation

The hashes of Bitcoin Core binaries are cryptographically signed with this key.

We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you’re running are the same ones created by the Core Developers.
Currently found on Bitcoin.org. There seems to be a lack of information regarding this. Any information (speculative posts are likely to be removed due to being insubstantial)?
By the way the above is written, it seems as though they may have an idea who will be leading these "state sponsored attacks".
They say they have a "reason to suspect"; do we know what that reason is?

MyBTT
August 17, 2016, 11:45:21 PM
 #9

Quote
Summary

Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.

In such a situation, not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.

Mitigation

The hashes of Bitcoin Core binaries are cryptographically signed with this key.

We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you’re running are the same ones created by the Core Developers.
Currently found on Bitcoin.org. There seems to be a lack of information regarding this. Any information (speculative posts are likely to be removed due to being insubstantial)?
By the way the above is written, it seems as though they may have an idea who will be leading these "state sponsored attacks".
They say they have a "reason to suspect"; do we know what that reason is?

"State sponsored attacks"... From my understanding that would be implying that the bitcoin.org has info that a government has the intention to maliciously attack bitcoin, or are funding hackers?

After doing a little search, I can't find anything on what the "reason" is.


 
 
Lauda (OP)
August 17, 2016, 11:48:40 PM
 #10

They say they have a "reason to suspect"; do we know what that reason is?
From what I know so far, the person who applied the change to the website has not provided (at least not public) an explanation.

"State sponsored attacks"... From my understanding that would be implying that the bitcoin.org has info that a government has the intention to maliciously attack bitcoin, or are funding hackers?
No. We are talking about stuff in the lines of MITM attacks; there are a different number of approaches that could be attempted here (someone mentioned SSL MITM with rogue certificates).
Carlton Banks
August 17, 2016, 11:53:40 PM
 #11

By the way the above is written, it seems as though they may have an idea who will be leading these "state sponsored attacks".
They say they have a "reason to suspect"; do we know what that reason is?

The text is specific about "state-sponsored attacks", and implies knowledge about both the origin and target of the attack. Extraordinary claims (not saying the requisite extraordinary proof doesn't exist, but I would like to see that proof for myself nonetheless). RNG bugs in GPG don't tell that story (and what a curious bug: like the Bash bug from last year, it's been in Linux for decades. Revoke all the keys!!!)

unamis76
August 18, 2016, 12:53:58 AM
 #12

Saw the warning and came here to post, when I saw this thread. I am very concerned about this, pretty curious on who's threatening Bitcoin binary distribution and what does it have to win with this...
BitcoinNewsMagazine
August 18, 2016, 01:59:01 AM
 #13

theymos on /r/bitcoin - https://www.reddit.com/r/Bitcoin/comments/4y8m76/0130_binary_safety_warning_bitcoinorg/d6m0z16

Quote
Here's a guide on verifying Bitcoin Core: https://www.reddit.com/r/Bitcoin/wiki/verifying_bitcoin_core

I've heard that almost nobody in the Chinese Bitcoin community verifies signatures. If anyone speaks Chinese, it'd be helpful to write a similar guide in Chinese and advertise this issue more.

Everyone should be on high alert when 0.13.0 is released. In fact, I recommend not even updating highly sensitive systems to 0.13.0 until at least 3-8 weeks after it's released.

I wouldn't blindly trust Linux package repositories. Oftentimes packages there are managed by relatively unknown volunteers, and there's not much oversight/checking.

Quantus
August 18, 2016, 02:34:44 AM
 #14


You should securely verify the signature and hashes before running any Bitcoin Core binaries. 


So just checking the hash is insufficient?

theymos
August 18, 2016, 03:04:02 AM
 #15


That guide for verifying Bitcoin Core is also available here: https://bitcointalk.org/index.php?topic=1588906.0 . I added a news entry pointing there as well.

I recommend taking this threat very seriously. It's possible that bitcoin.org has received bad info, or maybe the attackers will give up now that they've been outed, but it's better to assume that it is a real, serious threat.

And it's not just bitcoin.org that could be targeted. bitcointalk.org, /r/Bitcoin, individual Core devs, etc. could also be targeted. Triple-check everything. If any major sites get taken over, try to spread the word as quickly and widely as you can.

Of course, you should always be very careful and verify Bitcoin Core software (and other software!), but this is a reason to be especially careful.

So just checking the hash is insufficient?

You have to check the hash against some reference hash. The most secure way to make sure that the reference hash is reliable is to check that it's signed by someone you trust.

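The order theymos gives above (trust the reference hash only once its signature checks out, then compare the binary against it), together with the fingerprint-based mitigation from the bitcoin.org alert quoted in the first post, as a POSIX shell script. This is an added example, not code from the thread, bitcoin.org or Bitcoin Core; it assumes gpg and coreutils sha256sum are installed, and the binary and hash-list file names are placeholders.

```shell
# Added example (not from the thread, bitcoin.org or Bitcoin Core): the three
# checks in the order they must happen. (1) the signing key's full fingerprint is
# the one quoted in the alert, (2) the hash list carries a valid signature from
# that key, and only then (3) the downloaded binary's SHA-256 matches the list.
# Assumes gpg and coreutils sha256sum; file names passed in are placeholders.
EXPECTED_FPR="01EA5486DE18A882D4C2684590C8019E36C2E964"

# Compare a fingerprint string against the expected one: the whole 40-hex value,
# never a short key id (short ids are cheap to collide). Spaces/case are ignored.
fingerprint_matches() {
    got=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "$got" = "$EXPECTED_FPR" ]
}

# (1) Import the key by full fingerprint, then re-read what gpg actually stored
# and compare it, rather than trusting the fetch itself. Needs gpg and network.
import_and_check_key() {
    gpg --recv-keys "$EXPECTED_FPR" >/dev/null 2>&1 || return 1
    fpr=$(gpg --with-colons --fingerprint "$EXPECTED_FPR" | awk -F: '$1=="fpr"{print $10; exit}')
    fingerprint_matches "$fpr"
}

# (2) "Good signature" alone is not enough: bind the signature to the expected
# key via gpg's machine-readable VALIDSIG status line, which names the signer.
verify_signature() {   # $1 = SHA256SUMS.asc (clearsigned hash list)
    status=$(gpg --status-fd 1 --verify "$1" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q "VALIDSIG .*$EXPECTED_FPR"
}

# (3) Look the binary up by exact file name in the signed list and compare.
# awk's string equality avoids regex surprises from the dots in release names.
hash_matches() {   # $1 = binary, $2 = signed hash list
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(awk -v n="$(basename "$1")" '$2 == n { print $1; exit }' "$2")
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Full procedure: stop at the first failing step; never run an unverified binary.
verify_release() {   # $1 = binary, $2 = SHA256SUMS.asc
    import_and_check_key   || { echo "key fingerprint mismatch" >&2; return 1; }
    verify_signature "$2"  || { echo "bad or wrong-key signature on $2" >&2; return 1; }
    hash_matches "$1" "$2" || { echo "hash of $1 not in signed list" >&2; return 1; }
    echo "OK: $1 matches the list signed by $EXPECTED_FPR"
}
```

Note that `hash_matches` on its own is exactly the "just checking the hash" step Quantus asked about; it only means something after `verify_signature` has tied the list to the expected key.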
AliceGored
August 18, 2016, 03:43:05 AM
 #16

Sounds like laying the groundwork for a disinfo campaign when Chinese miners fork to a larger max blocksize. Sowing the seeds now to favor an adversarial mindset when it comes to plans coming from China.

Nah, I’m probably just wish thinking… More likely that “cobra” is just acting like a petty tyrant again, similar to the last time he showed up, wanting to edit satoshi’s whitepaper.
Quickseller
August 18, 2016, 03:59:13 AM
 #17

I recommend taking this threat very seriously.

--snip--

And it's not just bitcoin.org that could be targeted. bitcointalk.org, /r/Bitcoin, individual Core devs, etc. could also be targeted. Triple-check everything. If any major sites get taken over, try to spread the word as quickly and widely as you can.
Based on the message on bitcoin.org, it looks like the Chinese government would be behind the attack; is this a correct assumption?

Is the motive behind the (anticipated) attack known?

How might this state sponsored agency attack the Bitcoin network? Why would they need to infect existing Bitcoin users to attack the network? I would assume that most state sponsored (hacking) agencies would have budgets exceeding that of the market cap of bitcoin, and as a result would be able to launch attacks against the network without the help of malware infected machines.
Bitcoinpro
August 18, 2016, 04:38:00 AM
 #18

I recommend taking this threat very seriously.

--snip--

And it's not just bitcoin.org that could be targeted. bitcointalk.org, /r/Bitcoin, individual Core devs, etc. could also be targeted. Triple-check everything. If any major sites get taken over, try to spread the word as quickly and widely as you can.
Based on the message on bitcoin.org, it looks like the Chinese government would be behind the attack; is this a correct assumption?

Is the motive behind the (anticipated) attack known?

How might this state sponsored agency attack the Bitcoin network? Why would they need to infect existing Bitcoin users to attack the network? I would assume that most state sponsored (hacking) agencies would have budgets exceeding that of the market cap of bitcoin, and as a result would be able to launch attacks against the network without the help of malware infected machines.

Market cap could exceed these budgets within a matter of hours if the price jumped to say $5000 a coin, and that's precisely what would happen if an attack like this occurred, because all of a sudden it would mean Bitcoin is very special, which we know it already is :) Also don't forget the amount of coins out there through exchange leverage means total coin numbers is in the 100's of millions.

Bitcoinpro
August 18, 2016, 05:00:24 AM
 #19

Can you explain this MIM attack more precisely? Are you saying that data will be forged for a long time? Would they need to attack both sender and receiver at the same time? Is this attack going after transactions or miners confirming transactions, and what kinds of alerts will be prompted if the binaries aren't correct?

Quickseller
August 18, 2016, 05:04:30 AM
 #20

I recommend taking this threat very seriously.

--snip--

And it's not just bitcoin.org that could be targeted. bitcointalk.org, /r/Bitcoin, individual Core devs, etc. could also be targeted. Triple-check everything. If any major sites get taken over, try to spread the word as quickly and widely as you can.
Based on the message on bitcoin.org, it looks like the Chinese government would be behind the attack; is this a correct assumption?

Is the motive behind the (anticipated) attack known?

How might this state sponsored agency attack the Bitcoin network? Why would they need to infect existing Bitcoin users to attack the network? I would assume that most state sponsored (hacking) agencies would have budgets exceeding that of the market cap of bitcoin, and as a result would be able to launch attacks against the network without the help of malware infected machines.

Market cap could exceed these budgets within a matter of hours if the price jumped to say $5000 a coin, and that's precisely what would happen if an attack like this occurred, because all of a sudden it would mean Bitcoin is very special, which we know it already is :) Also don't forget the amount of coins out there through exchange leverage means total coin numbers is in the 100's of millions.
The point is that the absolute upper bound of the range of the cost of equipment that secures Bitcoin would be its market cap (e.g. the value of all the miners, and the full nodes). I would think that a state sponsored actor could simply buy up their own mining equipment and full nodes if they wished to attack the network.

I also do not think the value of bitcoin would increase if this kind of attack took place, I would think the price would dramatically fall, especially if any substantial number of users (especially large companies) were successfully attacked. 