Bitcoin.org, the authentic website of the Bitcoin project was hacked by criminals who advertised a double your money scam and unfortunately, many people fell into the trap.
On September 23, visitors to bitcoin.org were welcomed with a popup instructing them to send cryptocurrency to a Bitcoin wallet using a QR code and earn twice the amount in exchange.
The message stated, "The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years," encouraging users to send Bitcoins to the attacker's displayed wallet address.
"Send Bitcoin to this address, and we will send double the amount in return!"
To add credibility to the claim, the false notice informed visitors that the deal was confined to the first 10,000 users. Users were unable to go beyond the bogus popup message, leaving the rest of the website unreachable for the timeframe of the fraud.
Soon after the hack, Bitcoin.org's site operator(s), known as Cøbra, issued a public notice about the incident.
The Bitcoin address used in the fraud received 0.40BTC, which was worth $17,000. The hacker transferred nearly all of the money from the primary wallet to two additional holding wallets.
Although Bitcoin is assumed to have been established by an anonymous persona, “Satoshi Nakamoto,” the author of the research paper that gave birth to the cryptocurrency, a newer identity “Cøbra” has recently been observed running the Bitcoin.org website, social media, and community channels.
Following Cøbra's notification, Bitcoin.org's name registrar Namecheap immediately blocked the domain until the problem was resolved.
Unfortunately, as evidenced by the attacker's wallet balance, some cryptocurrency fanatics may have fallen for the fraud. The transaction history reveals several payments to the attacker's wallet from various Bitcoin addresses.
According to Bitcoin.org's anonymous operator CobraBitcoin, the fraudsters may have obtained unauthorised access by exploiting a vulnerability in the website's domain name system (DNS). Hackers typically browse websites in search of underlying flaws that may be exploited to launch attacks.
The website has been restored to its pre-hack state after being taken down to investigate the underlying cause of the security incident.