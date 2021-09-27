Attackers temporarily seized the official website of the Bitcoin project (Bitcoin[.]org) and implemented an advertisement for a fraudulent distribution of cryptocurrency on the resource pages. Although the hack lasted less than a day, some users managed to believe the hackers, and the scammers “earned” about $ 17,000.

Bleeping Computer writes that on September 23, the following message appeared on the site’s home page:

“The Bitcoin Foundation will repay the community! We want to support our users who have helped us over the years. Send bitcoin to the specified address, and we will refund you twice the amount! “.

In the message, users were asked to credit funds to the address 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N belonging to the attackers.

Shortly after the site was hacked, the Bitcoin operator[.]org, known by the nickname Cøbra, reported on Twitter about the compromise of the resource.

https://t.co/OsFgRFRRZb has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days. – Cøbra  (@CobraBitcoin) September 23, 2021

Following this message, Cøbra responded to the problem with the Namecheap domain registrar, quickly disabling the domain until the problem was resolved.

Hello, Thank you for reporting this matter. We have temporarily disabled the domain. – Namecheap.com (@Namecheap) September 23, 2021

And although the hack was discovered quite quickly, and measures were taken, unfortunately, the balance of the cybercriminals’ wallet indicates that some users still managed to fall for the bait of scammers. The transaction history shows several transfers made from different bitcoin addresses. As a result, the balance of the hackers’ wallet amounted to 0.40571238 BTC, that is, approximately $ 17,000 at the current exchange rate.

Currently Bitcoin[.]org is already working normally. How exactly the attackers managed to compromise the resource remains unclear, and some information security experts suspect that a DNS attack took place.