Author Topic: A Mysterious Message Is Warning Bitcoiners About a 'State Sponsored' Attack  (Read 485 times)
BADecker (OP)
August 19, 2016, 09:01:17 PM
 #1

A Mysterious Message Is Warning Bitcoiners About a 'State Sponsored' Attack





The next version of Bitcoin Core, one of the most popular bitcoin wallets in existence, might be replaced with a malicious version courtesy of government-backed hackers, a warning on Bitcoin.org, the site that hosts downloads for Core, states.

The message, posted on Wednesday, warns that the site could be compromised by "state sponsored attackers" so that anybody downloading an upcoming version of the Bitcoin Core wallet, which people use to store their bitcoin, will actually be given a hacked version of the software. In particular, the alert encourages Chinese bitcoin users and services to be vigilant "due to the origin of the attackers."

"In such a situation, not being careful before you download [the software] could cause you to lose all your coins," the alert on Bitcoin.org states. "This malicious software might also cause your computer to participate in attacks against the Bitcoin network."

If a government, or anybody else, were to compromise Bitcoin.org and disseminate a malicious copy of Bitcoin Core to enough people, it could be a crippling attack on bitcoin unlike any we've seen before, siphoning millions and millions of dollars out of the market. If the warning on Bitcoin.org is based on fact, it could be very serious.

Bitcoin.org is maintained as an open-source project, meaning that a slew of contributors can upload a page to the site, and it has a peer review system for posts. The contributor who uploaded the alert, "Cobra-Bitcoin," is understood to be in control of Bitcoin.org, Core developer Peter Todd told me in an encrypted message, and so they were able to bypass the peer review process for posts to the site.

Core developer Eric Lombrozo told The Register that "there's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point."

However, it's worth noting that in order to serve someone a fake version of Bitcoin Core, an attacker only needs to compromise the Bitcoin.org site, or fake a cryptographic certificate that would allow them to intercept someone's encrypted HTTPS connection to Bitcoin.org and replace the real download with a hacked one without anybody noticing. This is known as a man-in-the-middle attack.

To mitigate the effects of a possible hack, the post on Bitcoin.org encourages users to verify that the Bitcoin Core version they download hasn't been tampered with by checking it against a cryptographic key that marks official software as being created by the team of legitimate Core developers.

"So long as you check signatures properly, even a state sponsored attacker would have a hard time compromising a [...] build of the Bitcoin Core software," Todd wrote me in a message.

Verifying software is a fairly standard security practice, and so suggesting that users take this precaution doesn't indicate any sort of malice on the part of Cobra-Bitcoin, unless their intent is simply to sow chaos and paranoia about the next Bitcoin Core release.


Read more at http://motherboard.vice.com/read/a-mysterious-message-is-warning-bitcoiners-about-a-state-sponsored-attack.


Read more at Bitcoin.org at https://bitcoin.org/en/alert/2016-08-17-binary-safety.


unamis76
August 19, 2016, 09:04:23 PM
 #2

There's already a thread about this.
XCASH
August 19, 2016, 09:05:37 PM
 #3

Quote from: unamis76: "There's already a thread about this."

Lauda started one two days ago, and theymos stickied another thread explaining how to verify if downloaded binaries are legit. There's been no compromise to the Bitcoin Core binaries; it's a warning that hackers might try a man-in-the-middle attack when someone tries to download them via bitcoin.org.

https://bitcointalk.org/index.php?topic=1588866.0
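The check the article and the stickied thread refer to, sketched as an added example (not from the original posts and not Bitcoin Core's own tooling): accept a download only if a clearsigned checksum manifest carries a valid signature from a fingerprint pinned in advance and the file's SHA-256 appears in the signed text. The manifest name `SHA256SUMS.asc`, the file name, the throwaway key and the helper names are assumptions for the demo; it needs GnuPG 2.1+ and `sha256sum`.

```shell
#!/bin/sh
# Added example: every file and the key below are constructed, not a real release.

# verify_release MANIFEST_ASC FILE PINNED_FPR
#   0 = manifest signed by the pinned key AND the file's hash is listed in it
#   1 = no valid signature from the pinned key (tampered manifest or other signer)
#   2 = signature fine, but the file's hash is missing from or differs in the manifest
verify_release() {
    vr_manifest=$1; vr_file=$2; vr_pinned=$3
    vr_signed=$(mktemp) || return 1
    # --decrypt on a clearsigned file verifies it and writes only the signed text,
    # so the hash lookup below never reads anything outside the signature.
    vr_status=$(gpg --batch --yes --status-fd 1 --output "$vr_signed" \
                    --decrypt "$vr_manifest" 2>/dev/null)
    # VALIDSIG's last field is the primary-key fingerprint; compare it in full.
    printf '%s\n' "$vr_status" |
        awk -v want="$vr_pinned" '$2=="VALIDSIG" && $NF==want {ok=1} END {exit !ok}' ||
        { rm -f "$vr_signed"; return 1; }
    vr_expected=$(awk -v f="$(basename "$vr_file")" '$2==f {print $1; exit}' "$vr_signed")
    vr_actual=$(sha256sum "$vr_file" | awk '{print $1}')
    rm -f "$vr_signed"
    [ -n "$vr_expected" ] && [ "$vr_expected" = "$vr_actual" ] || return 2
}

# Constructed fixture: throwaway keyring and key, a fake "release", a signed manifest.
make_demo() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Demo Key <demo@example.invalid>' 2>/dev/null || return 1
    DEMO_FPR=$(gpg --batch --with-colons --list-keys 2>/dev/null |
        awk -F: '$1=="fpr" {print $10; exit}')
    DEMO_FILE=$GNUPGHOME/wallet-demo.tar.gz
    printf 'constructed release bytes\n' > "$DEMO_FILE"
    (cd "$GNUPGHOME" && sha256sum wallet-demo.tar.gz > SHA256SUMS &&
        gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
            --clearsign --output SHA256SUMS.asc SHA256SUMS 2>/dev/null)
}

if make_demo; then
    verify_release "$GNUPGHOME/SHA256SUMS.asc" "$DEMO_FILE" "$DEMO_FPR" &&
        echo "genuine download accepted"
    printf 'injected\n' >> "$DEMO_FILE"      # simulate a swapped binary
    verify_release "$GNUPGHOME/SHA256SUMS.asc" "$DEMO_FILE" "$DEMO_FPR" ||
        echo "swapped download rejected (rc=$?)"
fi
```

The pinned fingerprint only helps if it was obtained through a channel other than the download site itself; a manifest and key fetched from the same compromised page verify each other and nothing else.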
unamis76
August 19, 2016, 09:07:00 PM
 #4


Correct, I was editing my post with the link. Thanks.
BADecker (OP)
August 19, 2016, 09:14:25 PM
 #5

What's another thread? There are warnings all over the world about how to handle your credit cards and online bank account. And Bitcoin is way more important.

Meuh6879
August 19, 2016, 09:24:22 PM
 #6

If you don't want this problem ... post binaries -executables !- on the main developer site : https://github.com/bitcoin/bitcoin/releases

I don't have a compiler to use a "source" code ...
Carlton Banks
August 19, 2016, 09:30:56 PM
 #7


Uh-oh, it appears as if Motherboard/Vice are ripping off someone else's journalistic copy.

achow101
August 19, 2016, 09:36:21 PM
 #8

Quote from: Meuh6879: "If you don't want this problem ... post binaries -executables !- on the main developer site : https://github.com/bitcoin/bitcoin/releases

I don't have a compiler to use a "source" code ..."

The main site is actually https://bitcoincore.org/. The developers don't like having everything in the same place (i.e. GitHub). It makes it a central point of failure and a huge target for attacks.
