On Thursday, the pseudonymous operator of Bitcoin.org told the public on Twitter that the web portal has been “compromised.” The operator, Cobra, explained that the hackers were able to implement a bitcoin doubler scam model and stressed that the site would be down for a “few days.
Website Operator Cobra Warns Bitcoin.org Has Been Compromised
The mysterious operator of the web portal Bitcoin.org, Cobra, is once again surrounded by controversy. According to the pseudonymous operator of the website, Bitcoin.org has been attacked. “Bitcoin.org has been compromised,” Cobra tweeted early Thursday morning (EST). “[I am] currently looking into how the hackers put up the scam model on the site. May be down for a few days.”
The scam model Cobra speaks of is a doubler scam that attempts to entice people to deposit a fraction of bitcoin with the promise of doubling the deposit. Of course, victims who deposit funds into the doubler scam never get the double reward, as the hackers simply take all the funds after they have accumulated to something worthwhile.
According to one account, the scammers were able to get $17,000 in bitcoin (BTC) while the phony page was online. Some have said that the scam wallet did not make as much money as the website displayed.
“For context, 3 people have sent $100, 1 person has sent around $200, the rest(0.4 BTC) seems to have been sent as a way to make the ‘giveaway’ seem legitimate, so likely [a] scammer’s own coins,” one individual mentioned.
Attack Seems to Be DNS Hijack, Cobra Complains to Cloudflare
The operator behind the website nuke.asia said that the takeover was most likely “social engineering.”
“It appears the domain was taken over,” Charles from nuke.asia said. “The WHOIS info was updated at the time of the hack, the nameservers + DNS changed, and if you try to visit any of the actual pages other than the index you’ll get a 404. It’s a completely different website save for the domain name.”
Meanwhile, Cobra has also been tweeting to the company Cloudflare for assistance. “Bitcoin.org hasn’t been hacked, ever. And then we move to Cloudflare, and two months later we get hacked. Can you explain where you were routing my traffic too? Because my actual server didn’t get any traffic during [the] hack. @Cloudflare @eastdakota,” Cobra said. Then someone asked Cobra if his accounts were compromised. Cobra stressed:
Nope, nothing. None of my accounts seem compromised. Server is fine too (it wasn’t even getting traffic during the hack). The attackers just seem to have exploited some flaw in the DNS.