Bitcoin.org issues 0.13.0 Binary Safety Warning

 

There is a Bitcoin safety warning being issued on the Bitcoin.org website urging users to be extra cautions with the upcoming 0.13.0 release of the bitcoin core wallet. https://bitcoin.org/en/alert/2016-08-17-binary-safety

So far there is not a lot of information or background on this warning as of the time of this posting, but there is some discussion already on a /r/BTC thread: https://www.reddit.com/r/btc/comments/4y8sk7/0130_binary_safety_warning_bitcoinorg/

Until more information becomes available, I would urge caution all around until both the veracity of this warning can be confirmed and the integrity of the wallet and any published keys/hashes/fingerprints are authenticated.

As always, be extra cautious with anything you download, especially wallet software. Also, it may be a good idea to hold off on upgrading your BTC wallet until more information on the specific threat becomes available.

Re-posting the warning below for your convenience:

 

0.13.0 Binary Safety Warning
17 August 2016
Summary

Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website.

In such a situation, not being careful before you download binaries could cause you to lose all your coins. This malicious software might also cause your computer to participate in attacks against the Bitcoin network. We believe Chinese services such as pools and exchanges are most at risk here due to the origin of the attackers.
Mitigation

The hashes of Bitcoin Core binaries are cryptographically signed with this key.

We strongly recommend that you download that key, which should have a fingerprint of 01EA5486DE18A882D4C2684590C8019E36C2E964. You should securely verify the signature and hashes before running any Bitcoin Core binaries. This is the safest and most secure way of being confident that the binaries you’re running are the same ones created by the Core Developers.

Source: Bitcoin.org

Be the first to comment

Leave a Reply

Your email address will not be published.


*