Bitcoin Gold Warns of New Attack Affecting Official Wallet
Тhe GitHub repo of the project was abducted to inject a malicious file into one of the officially approved downloads. The mistake was repaired, but users were exposed to risks for two days last week.
Over the weekend, Bitcoin Gold went on to uncover yet another case of malicious tampering with its wallet. After discoveries that MyBTGWallet stole private keys outright, and Electron Gold also had suspicious code, now the official wallet was seen to sent a malicious file to users who downloaded last week:
"Anyone who downloaded the Windows Wallet file between November 21, 2017, 09:39 UTC, and November 25, 2017, 22:30 UTC, should not use the file in any way."
Users who have installed and opened the wallet, in which checksums did not match, should clean the computer, remove the files and run an anti-virus and malware removal program.
Bitcoin Gold has secured its GitHub page, but before it managed that, the damage was done:
"An unknown party gained access to the Github repository and replaced the compiled Windows file with a different one. Until the file can be closely analyzed, we do not know what the intent was. We know that the file does not immediately trigger antivirus/trojan warnings. The Linux file was not changed."
Bitcoin Gold is a new project of increasing enthusiasm, and thefts are possible for two reasons- first, when users try to split their coins and receive assets on both blockchains, and second- attempting to steal a rapidly appreciating digital asset.
Bitcoin Gold has risen in price and lined up at the top of CoinMarketCap, nearly tripling its price in the past week to $377.53 after BitHumb trading pushed the price upward. The general rising trend in Bitcoin and altcoins has also helped the asset move up.
At the same time, those who lost funds from MyBTGWallet are gathering up forces, intending to find and bring to law John Dass, the rogue programmer who proposed a suspicious balance checking service and later a wallet that was injected with a malicious script and took away private keys from the session.
For forks like BTG or the more recent Bitcoin Diamond, the best solution is to wait for larger wallet services to add the coins, and not risk exposing private keys.
In addition to wallet troubles, sending BTG to exchanges has led to large time lags and also some losses.