Independent open-source project Bitcoin.org has issued a warning stating that it suspects that the binaries for the upcoming Bitcoin Core release will likely be targeted by state-sponsored attackers.

While the post remains mute on the nature or origin of the attack, it asserts that it does not have the resources to guard itself against the attack of “this caliber”. Moreover, it believes that Chinese services such as pools and exchanges are most at risk due to the “origin of the attackers”.

"As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website”, the post reads.

Posted by Bitcoin.org contributor Cobra-Bitcoin, the post further urges users to be careful before downloading binaries, as they could lose all of their coins otherwise. It recommends users to securely verify the signature and hashes before running any Bitcoin Core binaries.

“This malicious software might also cause your computer to participate in attacks against the Bitcoin network”, it added.

 The Register quoted Bitcoin Core contributor Eric Lombrozo’s response to the warning. He said:

"The maintainer of the bitcoin.org site (which is unaffiliated with the Bitcoin Core project itself) posted an advisory of an apparent threat he's been informed about - without consulting anyone else.

"Why this was done is uncertain, but verifying cryptographic signatures for builds is generally recommended practice in any case.

"There's absolutely nothing in the Bitcoin Core binaries, as built by the Bitcoin Core team, that has been targeted by state sponsored attackers that we know of at this point. Perhaps certain sites where people download the binaries could end up getting compromised, but let's not unnecessarily spread paranoia about the Bitcoin Core binaries themselves."

On Reddit, Bitcoin.org representative Theymos said that he does not know who “Cobra” is. However, he advised developers to be on ‘high alert’ saying:

“I've heard that almost nobody in the Chinese Bitcoin community verifies signatures. If anyone speaks Chinese, it'd be helpful to write a similar guide in Chinese and advertise this issue more.

“Everyone should be on high alert when 0.13.0 is released. In fact, I recommend not even updating highly sensitive systems to 0.13.0 until at least 3-8 weeks after it's released.

“I wouldn't blindly trust Linux package repositories. Oftentimes packages there are managed by relatively unknown volunteers, and there's not much oversight/checking.”