TrueCrypt is not secure?

Started by bill, May 28, 2014, 11:01:00 PM


bill

WTF?
Quote: "TrueCrypt is not secure," official SourceForge page abruptly warns

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues," text in red at the top of TrueCrypt page on SourceForge states. The page continues: "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform."

rcjordan

Quote: After examining all the facts, I think it's most likely they just didn't want to develop it anymore:
    * PGP matches
    * Authenticode matches
    * SourceForge data was modified
    * DNS records were modified
And to top it off, let's put ourselves in the theoretical attacker's shoes, the binaries when run make no unexpected connection attempts or write to any unexpected places and don't appear to contain any unexpected imports, so if this was a hack, it's a very stealthy and very boring one. The most they achieved would be uninteresting to most attackers. It would only really be an effective attack against people who had TrueCrypt volumes but not a current copy of TrueCrypt as there's no compelling reason for anyone to upgrade to 7.2 and certainly they'd be skeptical after this. Any attacker with the intelligence and patience for such an attack would surely realize how poor an execution this would be. A better attack would be "here, it's TrueCrypt 8, it has loads of EFI support and mad security, everyone should install it, it's the best!". There's simply no reason to shut it down like this, unless the attack is just an elaborate practical joke.
It's quite possible this came from 1 big developer hack, but considering how the release was done, with full source and everything for every supported platform... if it was a hack, it's a very, very good one. They've also decided to modify the license terms, perhaps bringing it into compatibility with more common FOSS licenses.
I think it's far more likely at this point that the devs, who had not updated their software in years, finally decided to call the project over and have marked it insecure because the codebase is now unmaintained and should be assumed insecure.

https://news.ycombinator.com/item?id=7812133
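The "no unexpected imports" check in the quoted analysis is the one a practitioner can reproduce offline. The script below is an added example, not code from the original post or from the TrueCrypt project: a stdlib-only Python parser that walks the import directory of a PE32 or PE32+ binary and diffs the DLL/function sets of two builds (in 2014 that would have been the 7.1a and 7.2 Windows binaries). Since no real binaries are embedded here, `build_sample_pe` constructs a minimal PE image around a made-up import table; the DLL and function names in the samples are invented fixtures, chosen so that the "new" build gains a Winsock import the "old" one lacks.

```python
"""Diff the import tables of two PE32/PE32+ binaries using only the standard library."""
import struct

_ORDINAL_FLAG = {0x10B: 1 << 31, 0x20B: 1 << 63}   # PE32 / PE32+ thunk ordinal bit
_DD_OFFSET = {0x10B: 96, 0x20B: 112}                # data directories start in optional header
_THUNK_FMT = {0x10B: "<I", 0x20B: "<Q"}


def _sections(data, pe_off, nsec, opt_size):
    """Return (VirtualAddress, size, PointerToRawData) for each section header."""
    base = pe_off + 24 + opt_size
    secs = []
    for i in range(nsec):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, base + 40 * i + 8)
        secs.append((vaddr, max(vsize, rawsize), rawptr))
    return secs


def _rva_to_off(secs, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for vaddr, size, rawptr in secs:
        if vaddr <= rva < vaddr + size:
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not mapped by any section")


def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_imports(data):
    """Return {dll_name: {symbol, ...}} for a PE image held in memory (bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    opt = pe_off + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in _DD_OFFSET:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    imp_rva, _imp_size = struct.unpack_from("<II", data, opt + _DD_OFFSET[magic] + 8)  # dir index 1
    secs = _sections(data, pe_off, nsec, opt_size)
    imports = {}
    if imp_rva == 0:
        return imports                       # no import directory at all
    fmt, ord_flag, step = _THUNK_FMT[magic], _ORDINAL_FLAG[magic], struct.calcsize(_THUNK_FMT[magic])
    desc = _rva_to_off(secs, imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:                    # all-zero descriptor terminates the table
            break
        syms = imports.setdefault(_cstr(data, _rva_to_off(secs, name_rva)).lower(), set())
        thunk = _rva_to_off(secs, oft or ft) # some linkers leave OriginalFirstThunk empty
        while True:
            entry, = struct.unpack_from(fmt, data, thunk)
            if entry == 0:
                break
            if entry & ord_flag:
                syms.add(f"#{entry & 0xFFFF}")                      # import by ordinal
            else:
                syms.add(_cstr(data, _rva_to_off(secs, entry) + 2))  # skip 2-byte hint
            thunk += step
        desc += 20
    return imports


def diff_imports(old, new):
    """Return (added, removed) lists of 'dll!symbol' between two import maps."""
    flat = lambda m: {f"{d}!{s}" for d, ss in m.items() for s in ss}
    a, b = flat(old), flat(new)
    return sorted(b - a), sorted(a - b)


def build_sample_pe(imports):
    """Construct a minimal PE32 image containing only an import table (test fixture, not loadable)."""
    sec_rva, sec_raw = 0x1000, 0x200
    descs = bytearray(20 * (len(imports) + 1))        # descriptors plus null terminator
    tail = bytearray()                                 # hint/name entries, DLL names, thunks
    for i, (dll, syms) in enumerate(imports.items()):
        name_rvas = []
        for sym in syms:
            name_rvas.append(sec_rva + len(descs) + len(tail))
            tail += struct.pack("<H", 0) + sym.encode("ascii") + b"\0"
        dll_rva = sec_rva + len(descs) + len(tail)
        tail += dll.encode("ascii") + b"\0"
        thunk_rva = sec_rva + len(descs) + len(tail)
        tail += b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0\0\0\0"
        struct.pack_into("<IIIII", descs, 20 * i, thunk_rva, 0, 0, dll_rva, thunk_rva)
    idata = bytes(descs + tail)
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + 8, sec_rva, len(descs))       # import data directory
    sect = struct.pack("<8sIIII", b".idata", len(idata), sec_rva, len(idata), sec_raw) + bytes(16)
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(sec_raw, b"\0") + idata


# Constructed fixtures standing in for two builds; the names are invented, not TrueCrypt's.
SAMPLE_OLD_IMPORTS = {"kernel32.dll": ["CreateFileW", "ReadFile"], "advapi32.dll": ["CryptGenRandom"]}
SAMPLE_NEW_IMPORTS = {**SAMPLE_OLD_IMPORTS, "ws2_32.dll": ["connect", "send"]}

if __name__ == "__main__":
    old = parse_imports(build_sample_pe(SAMPLE_OLD_IMPORTS))
    new = parse_imports(build_sample_pe(SAMPLE_NEW_IMPORTS))
    added, removed = diff_imports(old, new)
    print("added:", added, "removed:", removed)
```

On real files, replace the fixtures with `parse_imports(open("TrueCrypt-7.1a.exe", "rb").read())` and the 7.2 counterpart. Treat the result as a coarse signal only: an import table that gains `ws2_32.dll` or `wininet.dll` is worth a close look, but an unchanged table proves little, since a trojaned build can resolve APIs at run time through `LoadLibrary`/`GetProcAddress` or carry its payload in a packed section, which is why the quoted analysis also ran the binaries and watched for connection attempts and unexpected writes.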

bill

That seems to be the general consensus that I'm reading in back rooms. It's generally agreed that this is an effort to discredit TrueCrypt, but nobody is sure who is actually behind it.