As Bitcoin matures and other cryptocurrency alternatives emerge, the growth of interest with cryptocurrency wallet and cryptocurrency node also comes into effect. At the time of this writing, 1 BTC is around $3,960, though huge for an average Joe, it used to be as high $19,783.21 on Dec 17, 2017. Bitcoin Core, the free software bitcoin wallet, which also doubles as a payment verifier emerged as a de-facto standard as the Bitcoin wallet for many people.
Again, as we have discussed in previous articles, the popularity of software comes with risks, some sectors of the community will find ways to leverage this name-recall for their own agenda. Enter bitcoincorewallet.org, a seemingly genuine-sounding name for the official distributor of Bitcoin Core, right? Wrong, it is a website that was created to specifically look like the real Bitcoin Core website, as it offers a fake (and malicious) version of Bitcoin Core.
Of course, as the Bitcoin Core software it offers for download lacks the necessary valid digital signature, Windows UAC should block it from installing unless the user clicks the “allow” button. The Bitcoincorewallet.org is a website that registered itself originating from Panama, but it was registered with privacy options turned-on, hence we cannot find its true website administrator:
Registrar: NameCheap, Inc.
Registered On: 2019-03-12
Expires On: 2020-03-12
Updated On: 2019-03-12
It basically is a recently registered website, under the suspiciously named namecheaphosting.com registrar, which is a red flag from a security standpoint. The factors of it attracting potential victims is limited to its channel of communication. People needs to make sure that they download Bitcoin core only from the two official sources: https://bitcoin.org/en/bitcoin-core/ and https://bitcoincore.org/en/download.
As the code for Bitcoin Core is opensource, it is not difficult for any cybercriminal from downloading its full code from the source tree, modify it in some way to harbor malware-like behavior and upload it to a fake site like bitcoincorewallet.org, waiting for unsuspecting users to use and download them like the genuine Bitcoin Core does.
Advanced Bitcoin Core user needs to make sure that the bitcoin core they download is signed by its developer Wladimir J. van der Laan. This can be verified by Windows by right-clicking the file > choose Properties > Digital Signatures tab.
If the copy of the Bitcoin Core came from GitHub, the commits that modified usually have a historical track record of everything changed in the program. GitHub is also very transparent on who is the developer responsible for a named project, the name of the developer Wladimir J. van der Laan should show in the GitHub page hosting it. Never download anything connected with Bitcoin Core if it is not signed by the original developer.
Some people may find that contacting a professional security firm for help with their cryptocurrency problem is a concern. If you do, please consult with a trusted relative or friend. You can organize the current situation simply by telling people what you are facing. By speaking out and explaining, you may realize that it is a fraud. When you feel that you have actually encountered Bitcoin fraud, or when you feel uneasy about it, please do not hold the problem alone and rely on people around you who may know better when it comes with cryptocurrency handling.