Bitcoin Gold Tightens Wallet Security, Warns of Compromised Wallets

After the core wallet of Bitcoin Gold was attacked by doctored software and led to compromised addresses, the BTG team monitors the wallet situation more closely.

Bitcoin Gold had a rough start, first with an online wallet that stole private keys, and then with a compromised core wallet with a doctored file. The wallet, planted through an unknown break into the project's GitHub page, managed to create corrupted addresses where the hacker could access a copy of the private key.

The Bitcoin Gold team has listed the compromised addresses, hoping users would see them. We are copying the list in full:

  1. GadEpgad3RZsVUPHwjCGb9FtjtKGzRb5sG
  2. GaQSYNHY4Q2SwMZzDijZinNxAhLQEsssSi
  3. GcCZQcQpAk79CptpLeFv4qqtBGG7CcTVQm
  4. GcmMn69VcmvxMiejDKQj2QdZWTBjLhKYrt
  5. GcwmbqCB4qW41GpaZDaQ5o2ZRw1yYKpjr7
  6. GeuKzeHAQj6vWPTejjuAHbmxkY5UtPtgi2
  7. Gg52PSpgeyg4bFTXAbbYNqDSL1orvLnUbD
  8. GgkPYo3BHjSUkn1jk9GmQuw5RffijddofM
  9. GLa8GNp7koQRCY1NJJBQPrc342iFRMD7pW
  10. GLRr1J5iChrYqJ5CQedb2pVQhGrn5MEJ7r
  11. GNRiT5NKJv4b7d1izCTdkUrsNobWncHhog
  12. GPq2YvYYGbHB4iQio9gc1nHGE152Ee3iXb
  13. GQ67xcbvzz6gwE1XGmoscBVD7D4JmQBDdw
  14. GR3U9aBbGpbabQhZQM4A8mgA66ysfgayUc
  15. GTqxcgqkUJ7iiCVCQkms1DZ4qU5LXT7XDN
  16. GVwGdrvEu9hKqdnxpUKw4YVxzbkkGoWgsQ
  17. GWAh7w5SaPqvBEPvnrmJXcqR93cyLMFsiN
  18. GX4wntkpnSKE2WzztLy8zFr4Lffw42PmGW
  19. GXAvw7EfhhrQYBnGX39RtphWqP6edZewZh
  20. GXCeqB31yk7TvAXBnvukfYMn3pB1DxjhuL
  21. GXmwNeoQaDFcV9Hq7B6ihngTqsgN6YTV6c
  22. GYcnBB2nti5M7WhyE8QKYXxgZHpnmfHuyn
  23. GYkopFW15LiU9vcquWdhmbAjb7LsYCXjQ6
  24. GYLoy3GGCDeebEfybBW1VYu5qpP6BN3kCm
  25. GYPU5kjhfFV7k15W3pD4m4esRwkjkvXJLX
  26. GZbNy3F7P7URg1oUfJ5QWbWR9WgMGDAWXq
  27. GZLaJ7y2Sasgo64GQthgYFJAxLpAHJowUp

Before that, the Bitcoin Gold team discovered the vulnerable wallets and emptied them into a custodial wallet. As of December, there are no data of compromised BTG wallets. 

"After the Suspicious File incident that we reported on November 26th, our staff conducted a security audit, performed password rotations and 2FA reset for all accounts with access to critical facilities including (but not limited to) Github, and implemented strict security measures and protocols to greatly enhance safety and ensure this does not happen again," wrote the team.

A corrupted file created wallet addresses where the private keys could have been derived in a known way, hence making the wallets insecure.

What is a "Poisoned" Wallet Address:

WARNING: Your Wallet May be Compromised

While GitHub revealed the IP addresses through which the hacker planted the file, the lead did not link to the discovery of the person.

Users are urged to download the newest version of the core wallet with the right checksums, if they create a new wallet. Wallets created at the end of November 2017 were compromised. While the altered file does not pose other threats, users are urged to delete the wallet software to avoid further creation of unsafe addresses.

For funds taken in by the team at address  GLGUbxkU5kFJ7wvvWkWKwYxGhUyVTYmUgF, BTG users are urged to contact the BTG team via social media channels and prove their funds have been moved.