[Bitcoin-development] Malware authors and best practices for addressing the issue from development / licensing perspective or other

Odinn Cyberguerrilla odinn.cyberguerrilla at riseup.net
Mon Feb 10 00:31:51 UTC 2014


I have a request, which is how do developers address the circumstance in
which someone utilizes your code as part of some effort to deprive (or
steal as the case may be) someone of their bitcoin?

This hasn't happened to me, but I have posed a question about it at


It was prompted by the apparent use of sx by a malware author who then
generated something called Stealthbit (which is malware, and which no-one
should touch).  [fortunately I have not tried to access or use
Stealthbit.)  However, this is a question that also touches on bitcoin
development generally, due to that (it's happened before, it will happen
again, etc.) people may end up using bitcoin code (if they haven't
already) to develop something else that would then be used expressly to
deprive someone of their bitcoins (such as steal them, but I am not
thinking only of theft here).  My question for developers is:  Given that
code is open source and anything can be done with it, good or bad, what
are common development approaches to mitigate or potentially prevent
malware authors from being able to easily appropriate the code you

I realize this question may sound dumb and out of place being that it is
pretty obvious that code which is developed in a free, open source context
can technically be used for anything.  However, beyond suggesting that
people just go to bitcoin.org for wallet technology, what can be done in
the development community that would lessen the likelihood that the code
you develop might be "misappropriated?"  Please note: I am not sure how
this issue might be approached from a development perspective, or license
(MIT, Affero GPL, etc.) perspective, or any other perspective.. I'm just
asking the question.  I support bitcoin and other decentralized currency
efforts including walled development such as darkwallet, and I appreciate
what you all are doing.  Maybe I'm asking the wrong question and it should
be put another way, but I hope you will rephrase my question(s) in a way
that makes more sense in the context of the list discussion here.

Thanks for your work.

More information about the bitcoin-dev mailing list