Cyber Incident Victim: Bitcoin.org

On September 23, 2021, threat actors compromised Bitcoin.org, the official website for the Bitcoin cryptocurrency project, altering its homepage to display a fraudulent cryptocurrency giveaway scam. The attackers modified the site to claim that "The Bitcoin Foundation" was conducting a limited-time promotion, falsely stating they would double any Bitcoin sent to the wallet address 1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N within the first 10,000 transactions. The website displayed a message encouraging users to participate by sending funds, leveraging Bitcoin.org's credibility to lend authenticity to the scam. The hijacked site remained active for less than one day before mitigation efforts began. Bitcoin.org operator Cøbra publicly acknowledged the compromise via Twitter, warning users about the scam and indicating the site might be offline for several days while investigating how attackers inserted the fraudulent content. Domain registrar Namecheap responded by temporarily disabling the Bitcoin.org domain to contain the incident.

Despite the brief duration of the compromise, the attackers received multiple Bitcoin transactions totaling 0.40571238 BTC (approximately $17,000 at the time) from various addresses, indicating successful victim engagement. Blockchain records confirmed these deposits to the attacker-controlled wallet. Bitcoin.org was subsequently restored to normal operation, though the precise attack vector remained unconfirmed, with some speculation about potential DNS hijacking. The incident demonstrated the continued effectiveness of cryptocurrency giveaway scams, drawing parallels to historical examples such as the 2018 scam that netted $180,000 in one day and Twitter’s 2021 breach that facilitated $580,000 in fraudulent transfers. No additional technical details regarding the website’s compromise or attacker identity were disclosed in available sources.