As the first release of the Bitcoin (BTC) protocol and its most commonly used implementation, the Bitcoin Core wallet is a common target for malicious copycats. However, it has been a while since there was a serious attempt at producing a malware clone of Bitcoin Core.
Bitcoincorewallet.org is the latest culprit, attempting to spread compromised versions of every Bitcoin Core wallet release since November 2016. However, unlike the authentic wallet from the official source, these lack a valid release signature — which is normally used to prove that the source of a file is genuine.
Looking at the domain registration information, the website has been around since March 12, indicating that it has been trying to infect users with malware for the better part of two weeks. It appears to be mostly targeting users on Stack Exchange, GitHub, and Reddit.
Unfortunately, the trend of releasing fake wallets to steal your bitcoins dates back almost as far as Bitcoin itself. This type of malware is notoriously difficult to foil since it almost always targets inexperienced users. However, the success of these scams typically boils down to how widely the malware can spread before being discovered, which is something the community can help prevent by spreading awareness.
When it comes to staying safe, simply avoiding non-official sources is typically the best bet. However, there have been occasions where even the original source was compromised — though this rarely occurs for the largest cryptocurrencies.
If you do end up downloading a potentially suspicious wallet, there are two main things you can do to minimize your odds of being infected with malware. Both will require that you put your safety first when it comes to handling suspect files.
- Take the time to verify the authenticity of the file by using the signature keys or MD5 checksum of the wallet. When it comes to the Bitcoin Core wallet, official releases are provided with a release signing key. This can be verified using PGP, which confirms the files were signed using Bitcoin developer Wladimir J. van der Laan’s release key. A full guide on PGP is provided here. It is less complicated than it looks and is essential reading for anybody looking to store a non-trivial amount of Bitcoin (or any other cryptocurrency).
- If you are downloading the wallet or other commits from GitHub, you can check whether the commit was signed with a verified signature, which shows that it comes from a trusted source. Most open-source wallet providers will use GitHub, which means this step can be used for the majority of wallets, regardless of the cryptocurrency they are designed for.
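The first check above, as an added Python example (not from the original article or the Bitcoin Core project): it accepts a download only if the checksum manifest was signed by a pinned release key and the file's hash matches the manifest, since a copycat site can publish checksums that match its own files. It assumes the status text comes from `gpg --status-fd 1 --verify` and that the manifest uses sha256sum-style lines; the fingerprint, file name and sample data are constructed placeholders.

```python
import hashlib
import hmac

# Constructed placeholder, NOT a real key: pin the fingerprint you obtained
# from the official project through a separate channel.
PINNED_FPR = "A" * 40

def valid_signers(gpg_status):
    """Primary-key fingerprints from VALIDSIG lines of gpg status output."""
    signers = set()
    for line in gpg_status.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # The last field is the primary key; the first may be a subkey.
            signers.add(parts[-1].upper())
    return signers

def manifest_digest(manifest, filename):
    """Look up a file's hex digest in 'digest  name' lines (None if absent)."""
    for line in manifest.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[1].strip().lstrip("*") == filename:
            return fields[0].lower()
    return None

def check_download(gpg_status, manifest, filename, data, pinned=PINNED_FPR):
    """Return 'ok' only if the pinned key signed the manifest AND the hash matches."""
    # gpg exits 0 for a good signature from ANY key in the keyring, so the
    # signer's fingerprint is compared explicitly instead of trusting the exit code.
    if pinned.upper() not in valid_signers(gpg_status):
        return "untrusted-manifest"
    expected = manifest_digest(manifest, filename)
    if expected is None:
        return "file-not-listed"
    actual = hashlib.sha256(data).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "hash-mismatch"

def sample_status(fpr):
    """Constructed gpg status output for a good signature made by key `fpr`."""
    return ("[GNUPG:] GOODSIG %s Constructed Release Key\n" % fpr[-16:] +
            "[GNUPG:] VALIDSIG %s 2018-03-01 1519862400 0 4 0 1 8 00 %s\n" % (fpr, fpr))

# Constructed sample data, not real release artefacts.
SAMPLE_FILE = b"constructed wallet installer bytes"
SAMPLE_NAME = "wallet-setup.exe"
SAMPLE_MANIFEST = hashlib.sha256(SAMPLE_FILE).hexdigest() + "  " + SAMPLE_NAME + "\n"

if __name__ == "__main__":
    print(check_download(sample_status(PINNED_FPR), SAMPLE_MANIFEST, SAMPLE_NAME, SAMPLE_FILE))
    print(check_download(sample_status("B" * 40), SAMPLE_MANIFEST, SAMPLE_NAME, SAMPLE_FILE))
```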
Lastly, if for some reason you can’t verify the authenticity of a file using the previous methods, we at least recommend scanning the file before executing it. This can be done by using your personal antivirus software or an online service such as VirusTotal. However, it should be noted that this is not a foolproof way to check if a file is malicious since there are several ways to circumvent detection.