Bitcoin.org warns of upcoming bitcoin software releases

Rage Comment : The developers of the open source Bitcoin.org website have launched a new version of the Bitcoin software, but Bitcoin.org does not have sufficient technical resources to protect its users from attackers. The blog posts published on the website have not been peer reviewed, which means that the information review on it has not gone through the traditional feedback process. Bitcoin.org representatives recommend that the Bitcoin community, especially the Chinese Bitcoin community, should be particularly vigilant when downloading binary files from its website.

Translation: Nicole

According to a new blog post on the open-source Bitcoin.org website, after Bitcoin Core developers launched a new version of the software, its contributors have reason to believe that online resources have been targeted by suspicious elements.

Bitcoin.org contributor Cobra-Bitcoin published a post today in which he revealed that following a Bitcoin Core development update, certain resources published by the site may become a target of unspecified “state-sponsored attackers.”

The post argues that the real dispute is whether Bitcoin.org will release binaries or executable versions of the Bitcoin Core software, as developers do not want to compile the source code released by the open source development team.

This release is primarily for developers who don't want to use the recommended Gitian build process, where developers are given some open source code so they can build executable code.

"As a website, Bitcoin.org does not have sufficient technical resources to protect us from attackers," the blog post said. "We recommend that the Bitcoin community, especially the Chinese Bitcoin community, exercise caution when downloading binaries from our website."

According to a Bitcoin Core representative, the blog post published on the site was not peer reviewed, meaning the information on it was not vetted through a traditional feedback process.

However, the update has raised questions about the security of information posted on social media, prompting comments from Bitcoin Core contributors.

Bitcoin Core contributor Eric Lombrozo said in a statement:

“There is definitely nothing wrong with the Bitcoin Core binary, as it was built by the Bitcoin Core team, but the problem is that it is targeted by state-sponsored attackers.”

The specific attack in question saw Bitcoin.org users fall victim to a so-called man-in-the-middle attack, where an attacker could create their own version of a file that was used to encourage users to download malware.

The blog post continues:

“These malware can potentially allow your computer to join an attack on the Bitcoin network, and we believe that Chinese services such as mining pools and exchanges are the most risky because this is where the attackers originate.”

At press time, Bitcoin.org representative Theymos was still active on Reddit, where he encouraged bitcoin developers to be “extremely vigilant” when using upcoming software releases.