Bitcoin Gold Website and GitHub Repo Allowed Users to Download a Malicious Windows Client

Cryptocurrency users have been targeted by hackers and other criminals more times than anyone cares to count. The number of attack vectors also continues to increase. Lately, we have seen an uptick in malicious wallet downloads distributed through official channels. The Bitcoin Gold website, for example, linked to a nefarious wallet for over 36 hours until the issue was discovered. That’s a very troublesome development which may have major repercussions.

Another Bitcoin Gold Issue

Ever since Bitcoin Gold officially announced its airdrop, there have been numerous issues with this project. The launch of the network itself had to be delayed by a few days due to the underlying code not being finished in time. Additionally, there have been some issues with the team’s mining pool code, which apparently still contains a hidden 0.5% fee. Things have not gone off without a hitch, and the number of issues only keeps growing. The latest incident is the proverbial straw that broke the camel’s back, though, as it is simply unacceptable.

It seems the Bitcoin Gold website referred users to a malicious wallet client designed to steal users’ private keys and funds. While that is not uncommon in the world of cryptocurrency, it is unclear why it took around 36 hours until people eventually discovered something was up. There is no reason why a fake wallet should be linked to for that long, especially for an ecosystem that only launched a few weeks ago. Moreover, this issue also affected the project’s GitHub release page, which raises even more questions.

There is no doubt in people’s minds that this was an attack against the Bitcoin Gold ecosystem. Whether the assailants aimed to steal just cryptocurrency balances or also obtain user information remains to be determined at this stage. Either way, it is not a positive development for this altcoin; that much is evident. For the time being, it doesn’t appear to have affected the BTG price in a negative manner, but that is still a situation that is well worth keeping an eye on. For all we know, someone may dump a few hundred or thousand BTG on the market in the coming hours, driving the price down in short order.

The bigger question is how someone managed to compromise both Bitcoin Gold’s website and its GitHub repo. Either the same credentials were used for both the site’s backend and GitHub, or there is even more nefarious activity going on right now. It is unclear how all of this is even possible for a cryptocurrency which claims to be the bigger and better Bitcoin. So far, it has been one of the more unprofessional launches of any currency carrying the Bitcoin name.

It appears the Windows wallet file is the only affected client at this point. The malicious client was hosted on the website between November 24th and 25th, for a total of 34 hours and 19 minutes. Users who verified the checksum of this download immediately noticed something was wrong, but very few cryptocurrency enthusiasts generally take the time to do so properly. Then again, the website and repo should never have been compromised to begin with; thus, the blame should not be put on the users themselves whatsoever.

Until we know who was behind this attack, all BTG wallet users who downloaded a Windows client over the past two days should delete the file and grab the official client, just to err on the side of caution. Make sure to create a wallet backup before doing so, though. It seems the Bitcoin Gold team has since secured its GitHub repo once again, although it remains to be seen if they did their job properly this time around.