Bitcoin is warning users that it is likely being targeted by state-sponsored attackers.
The virtual currency also said that it doesn’t have adequate protections against such an onslaught, which it thinks is aimed at the binaries for the upcoming release of Bitcoin Core, its optimized wallet software. As such, users are open to robbery.
“As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this caliber,” the organization said in a website notice. “We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.”
Bitcoin Core is programmed to decide which block chain contains valid transactions. The users of Bitcoin Core only accept transactions for that block chain. The idea is to improve security through decentralization—users each individually run their own Bitcoin Core full nodes, and each of those full nodes separately follows the exact same rules to decide which block chain is valid. The individual software instances follow identical rules to evaluate identical blocks and come to identical conclusions about which block chains are valid.
The end goal is to allow users to accept only valid bitcoins, enforcing Bitcoin’s rules against even the most powerful miners. Bitcoin Core users also get better security for their bitcoins, privacy features not available in other wallets, and a choice of user interfaces.
That said, it would appear that compromise is not out of the question given the big guns being used by nation-state attackers.
“Not being careful before you download binaries could cause you to lose all your coins,” the site said. “This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.”
The hashes of Bitcoin Core binaries are cryptographically signed with a key, which Bitcoin recommends that all users download. Users should also securely verify the signature and hashes before running any Bitcoin Core binaries.
Photo © Lightboxx