A fraud committed through Bitcoin Gold wallet managed to steal the equivalent of 3.2 million dollars, according to various reports.
The scam was perpetrated taking advantage of users’ need of claiming their BTG tokens. Via a link placed in the official Bitcoin Gold website that redirected to the fraudulent MyBTGWallet site, users have to submit their private keys in order to claim their respective tokens.
By doing this, users reported that funds stored in their wallets were gone, just like the aforementioned website, which promised to allocated people’s BTG if they sent their private keys.
Overall, an estimated of $ 3.2 million, divided in $ 3 million of Bitcoin, $ 107,000 of Bitcoin Gold, $ 72,000 of Litecoin, and $ 30,000 of Ethereum were stolen from those who trusted in MyBTGWallet.
Users did not suspect of any activity that could be a scam coming from that very same website, in part because of having Bitcoin Gold’s support – by having in their website a link to their fraudulent frontpage) and for its code was open source.
According to an analysis made by Reddit user Uejji, the website’s code, hosted at GitHub, was changed just after the scam started. In fact, it did encode users’ security seed in Base64 and stored them in its cookies, which was resubmitted to Google. It was in that very same moment that scammers could decoded them and use them to steal people’s funds.
It seems that MyBTGWallet was created and managed by a user known as John Dass – there’s no certainty of whether it is his real name or just a pseudonym –. This person had a wallet that is related to that of the scammer, which prompt the possibility of being the same person, or just a victim as well.
Because of all this incident, Bitcoin Gold representatives stated that they’re doing all the pertinent investigations in order to clarify the situation and remedy it, adding that they’re counting on security experts’ collaboration, without specifying who these experts are. They also state that all of their findings will be disclosed as soon as it is appropriated to do so.
They also added that, even though Bitcoin Gold is working with various platforms – like Google, Facebook and Twitter – in order to stop scammers from stealing people’s money, they claim that they don’t have enough influence, so they encourage users to report these cases immediately after having knowledge of them.
They finish their statement by saying:
“It will never be truly safe to enter your private key or mnemonic phrase for a pre-existing wallet into any online website. When you want to sweep new coins from a pre-fork wallet address, best practice is the same as after other forks: send your old coins to a new wallet first, before you expose the private keys of the original wallet.”