In the early hours on Thursday, Bitcoin.org greeted visitors with a pop-up window saying that “the Bitcoin Foundation is giving back to the community” as a gesture to “support our users who have helped us along the years.”
The message included a QR code with a Bitcoin address that users were invited to send coins, after which they would receive twice the amount.
The rest of the website’s functionality at the time was limited so that users couldn’t get past the message.
https://t.co/n8Rf4YIcJj has *seemingly* been compromised and is now displaying a popup that is definitely a scam. pic.twitter.com/BRqhwRZbZL
— MyCrypto.com (@MyCrypto) September 23, 2021
By press time, the address received a total of nine transactions worth 0.40571238 Bitcoin (about $17,800 in current prices), with some users on Twitter suggesting that those could be self transactions to make an illusion of legitimate activity.
Promoting giveaway scams has been a popular tactic among cybercriminals in recent years. They often impersonate well-known persons and celebrities, with the likes of Tesla CEO Elon Musk, Microsoft founder Bill Gates, and Ethereum co-founder Vitalik Buterin among the names used by hackers.
Bitcoin.org is the oldest crypto-related website that was registered by Satoshi Nakamoto and Martti Malmi back in 2008. It’s not affiliated with the Bitcoin Foundation, a non-profit organization founded in 2012.
Crypto Twitter on alertThe crypto community was quick to react to the incident, with multiple warning messages quickly flooding Twitter.
Alert! Bitcoin(.)org has been taken over maliciously by scammers. Unbelievable fuckup by whoever was in charge. This is really bad.
— NAKED FACE (bullbitcoin.com) (@francispouliot_) September 23, 2021
Namecheap, the hosting provider for Bitcoin.org, was alerted as well, and it didn’t take the company long to temporarily disable the domain, winning plaudits for prompt action.
Hello, Thank you for reporting this matter. We have temporarily disabled the domain.
— Namecheap.com (@Namecheap) September 23, 2021
To add to the tension, Cøbra, the current pseudonymous operator of Bitcoin.org, reacted to the incident only a couple of hours later, confirming that the website was compromised and that the incident is being investigated.
While the exact way the hackers managed to compromise Bitcoin.org remains unclear, Cøbra suggested that attackers exploited a flaw in the DNS configuration after the website moved to Cloudflare two months ago.
https://t.co/OsFgRFRRZb hasn't been hacked, ever. And then we move to Cloudflare, and two months later we get hacked.
Can you explain where you were routing my traffic too? Because my actual server didn't get any traffic during hack. @Cloudflare @eastdakota.
— Cøbra (@CobraBitcoin) September 23, 2021
By press time, Bitcoin.org looks to be accessible again, however, the direct URL for the Bitcoin white paper hosted on the platform shows a "This site can’t be reached” message.
In June this year, after Cøbra chose to preserve his pseudonymity rather than defend himself against charges of copyright infringement, Bitcoin.org lost a legal battle against the self-proclaimed Bitcoin inventor Craig Wright, with a UK court ordering the website to remove the Bitcoin white paper for UK visitors.
Shortly after the legal defeat, Bitcoin.org was hit with a severe DDos attack, with attackers demanding a ransom of 0.5 BTC.