MultiversX Tracker is Live!

How can Bitcoin.org be hacked?

Bitcoin Stack Exchange

Bitcoin News / Bitcoin Stack Exchange 163 Views

How is this possible? What happened to allow for this?

The same way that any website can be hacked. Bitcoin.org isn't hosted in some special way that makes it unhackable, it's a website, like every other website. As such, it can be hacked in all of those ways, including, but not limited to: web server compromise, DNS server/account compromise, registrar account compromise, etc.

It is probably that either the server hosting the website was compromised in some form (weak password, compromised SSH key, etc.) or the cloudflare account which is providing DDoS protection was compromised (weak password, support social engineered, etc.) and the settings changed to point to the attacker's server.

in particular the scripts that check for new updates of Bitcoin Core and AUTO DOWNLOAD/INSTALL

Bitcoin Core is no longer being uploaded to bitcoin.org anyways, at least not by the release maintainer. Bitcoin Core's official website is https://bitcoincore.org and you should be getting your binaries from there. AFAIK, the owner of bitcoin.org still mirrors the binaries on bitcoin.org, but it is no longer the official place for Bitcoin Core binaries.

them after verifying the signatures which it also gets from the same domain...

As long as the signatures verify and were created with keys that you trust (presumably you got those keys from somewhere else and did some verification of them), then the binaries downloaded should be fine. This is, after all, the point of having signatures. An attacker who has taken over the website will be unable to create a valid signature with the release key(s) unless they have also compromised those.

For 22.0+, you can also check that the binary's hashes match what the guix builders have built by checking the hashes and signatures in https://github.com/bitcoin-core/guix.sigs (with the new guix process, the signatures over the hashes actually comes from the guix builders too). For 0.21 and earlier, you can do the same check with the gitian signatures: https://github.com/bitcoin-core/gitian.sigs.


Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Comments