Bitcoin.org Double Your Cash Scam

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Bitcoin.org

Bitcoin.org is a widely consulted reference on the bitcoin protocol and status. In September 2021, the site's DNS was redirected to a malicious server, which displayed a scam claiming to double people's money if they sent it to a particular donation address. While no post-mortem on the source of the breach was provided, domains can typically be hijacked and changed through a social engineering attack on the registrar. It appears that close to $18k worth of bitcoin was taken, although this is controversial since the largest transfer of 0.4 bitcoin may have come from the hacker themselves. None of the funds have been recovered.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15]

About Bitcoin.org

"Bitcoin.org was originally registered and owned by Bitcoin's first two developers, Satoshi Nakamoto and Martti Malmi. When Nakamoto left the project, he gave ownership of the domain to additional people, separate from the Bitcoin developers, to spread responsibility and prevent any one person or group from easily gaining control over the Bitcoin project."

"From 2011 to 2013, the site was primarily used for releasing new versions of the software now called Bitcoin Core. In 2013, the site was redesigned, adding numerous pages, listing additional Bitcoin software, and creating the translation system."

"Although Bitcoin is assumed to be created by a pseudonymous identity, "Satoshi Nakamoto," the author of the research paper that gave birth to the cryptocurrency, a newer identity "Cøbra" is lately seen managing the Bitcoin.org website, social media, and community channels." "Today the site is an independent open source project with contributors from around the world. Final publication authority is held by the co-owners, but all regular activity is organized through the public pull request process and managed by the site co-maintainers."

Website: [16][17][18][19]

New Update From Bitcoin.org

"The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years. Send Bitcoin to this address, and we will send double the amount in return! Limited to the first 10000 users!"

The Reality

The bitcoin.org website DNS had been compromised, allowing the attackers to redirect the website to a server under their control. The updated website continued to claim to be the bitcoin foundation and instructed users to send funds to the scammer, claiming that and funds sent would be doubled.

What Happened

After the bitcoin.org website was redirected to a malicious server via a DNS attack, a phishing message was displayed on the site. Several users sent bitcoin funds to the attacker's address.

Key Event Timeline - Bitcoin.org Double Your Cash Scam
Date Event Description
September 22nd, 2021 8:10:17 PM MDT Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
September 22nd, 2021 11:08:00 PM MDT CobraBitcoin Twitter Post CobraBitcoin posts a tweet reporting that the bitcoin.org website has been compromised[2]. The website reportedly may be down for a few days.
September 22nd, 2021 11:12:00 PM MDT Controversy Over Domain Ownership Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain[20].

Technical Details

"Appears to be DNS hijack as noted by @nukedotasia." "[I]t appears the domain was taken over. The WHOIS info was updated at the time of the hack, the nameservers + DNS changed, and if you try to visit any of the actual pages other than the index you'll get a 404. It's a completely different website save for the domain name."

Attacker's Address: 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N[8]

Total Amount Lost

The attacker's bitcoin wallet displayed 0.40571238 BTC as having been received[8]. There is some controversy that the attacker may have pretended to fall for their own scam, however there is no documented case of this happening in any other bitcoin doubling scam.

The total amount lost has been estimated at $18,000 USD.

Immediate Reactions

CobraBitcoin announced the compromise on Twitter.

Tweet From CobraBitcoin

CobraBitcoin shared a Tweet to warn the community that the domain had been compromised[2].

"http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days."

Controversy Over Bitcoin.org Ownership

Twitter user WhaleWire asks CobraBitcoin how it feels "to be compromised", referencing a controversy over the ownership of the original bitcoin.org domain[20].

Ultimate Outcome

"[U]nfortunately, some cryptocurrency enthusiasts may have fallen for the scam as evident from the attacker's wallet balance. The transaction history shows multiple deposits made from different Bitcoin addresses to the attacker's wallet."

"The last updated balance of the wallet was at 0.40571238 BTC or approximately US$17,000." "Scammers probably didn't make off with as much money as the BTC wallet shows as noted by @SadFrogFacts." "For context, 3 people have sent $100, 1 person has sent around $200, the rest(0.4 BTC) seems to have been sent as a way to make the “giveaway” seem legitimate, so likely scammer’s own coins."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments

TBD - Any efforts to trace these funds?

Individual Prevention Policies

In general, be familiar with the common scams. Anything claiming to pay back more than you send them is typically a scam.

Any time that you are promised any profit or benefit in exchange for an initial payment, smart contract approval, or deposit, pay special care as to whether the entity making that offer is trustworthy, actually who they say they are, and has the means to fulfill what they're promising. There are no magic algorithms providing guaranteed returns from trading or mining. Trading on average will lose money. Mining is expensive and complex. No one is going to immediately send back more than you sent them. NFT projects will rarely announce a surprise mint in only a single location. Are you fully prepared for the event your money is kept and nothing is delivered in return?

Every approval on Web3 is an opportunity to lose all of the funds present in your wallet. Take the time to review the transaction in full. Fully check over the balance, permissions, and entire address which you are interacting with. Do not trust that your clipboard or any website front-end is guaranteed to provide an accurate address or transaction status. Always perform a test transaction prior to the first high-value transaction in any session.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Bitcoin.org hackers steal $17,000 in 'double your cash' scam (Apr 29, 2022)
  2. 2.0 2.1 2.2 CobraBitcoin - "http://Bitcoin.org has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days." - Twitter (Jul 2, 2022)
  3. Bitcoin - Open source P2P money (Jul 2, 2022)
  4. @Namecheap Twitter (Jul 2, 2022)
  5. @coinpoll_net Twitter (Jul 2, 2022)
  6. Bitcoin.org hacked: bitcoin (BTC) website down - CoinPoll | Grow crypto together (Jul 2, 2022)
  7. @vxunderground Twitter (Jul 2, 2022)
  8. 8.0 8.1 8.2 Attacker's Bitcoin Address - Blockchain Explorer (Jul 2, 2022)
  9. Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16, 2021)
  10. @MrCl0wnLab Twitter (Jul 2, 2022)
  11. @DevariteTheFox Twitter (Jul 2, 2022)
  12. @gort1356890 Twitter (Jul 2, 2022)
  13. @TheBlueMatt Twitter (Jul 2, 2022)
  14. @CloudflareHelp Twitter (Jul 2, 2022)
  15. @ItsGoharr Twitter (Jul 2, 2022)
  16. Bitcoin - Open source P2P money (Jul 2, 2022)
  17. Bitcoin - Open source P2P money (Jul 2, 2022)
  18. Bitcoin - Open source P2P money (Jul 2, 2022)
  19. About bitcoin.org (Jul 2, 2022)
  20. 20.0 20.1 WhaleWire - "How does it feel? To be compromised." - Twitter (Jul 2, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcoin.org_Double_Your_Cash_Scam&oldid=5195"