A fraud committed through Bitcoin Gold wallet managed to steal the equivalent of 3.2 million dollars, according to various reports.
The scam was perpetrated taking advantage of usersā need of claiming their BTG tokens. Via a link placed in the official Bitcoin Gold website that redirected to the fraudulent MyBTGWallet site, users have to submit their private keys in order to claim their respective tokens.
By doing this, users reported that funds stored in their wallets were gone, just like the aforementioned website, which promised to allocated peopleās BTG if they sent their private keys.
Overall, an estimated of $ 3.2 million, divided in $ 3 million of Bitcoin, $ 107,000 of Bitcoin Gold, $ 72,000 of Litecoin, and $ 30,000 of Ethereum were stolen from those who trusted in MyBTGWallet.
Users did not suspect of any activity that could be a scam coming from that very same website, in part because of having Bitcoin Goldās support ā by having in their website a link to their fraudulent frontpage) and for its code was open source.
According to an analysis made by Reddit user Uejji, the websiteās code, hosted at GitHub, was changed just after the scam started. In fact, it did encode usersā security seed in Base64 and stored them in its cookies, which was resubmitted to Google. It was in that very same moment that scammers could decoded them and use them to steal peopleās funds.
It seems that MyBTGWallet was created and managed by a user known as John Dass ā thereās no certainty of whether it is his real name or just a pseudonym ā. This person had a wallet that is related to that of the scammer, which prompt the possibility of being the same person, or just a victim as well.
Because of all this incident, Bitcoin Gold representatives stated that theyāre doing all the pertinent investigations in order to clarify the situation and remedy it, adding that theyāre counting on security expertsā collaboration, without specifying who these experts are. They also state that all of their findings will be disclosed as soon as it is appropriated to do so.
They also added that, even though Bitcoin Gold is working with various platforms ā like Google, Facebook and Twitter ā in order to stop scammers from stealing peopleās money, they claim that they donāt have enough influence, so they encourage users to report these cases immediately after having knowledge of them.
They finish their statement by saying:
“It will never be truly safe to enter your private key or mnemonic phrase for a pre-existing wallet into any online website. When you want to sweep new coins from a pre-fork wallet address, best practice is the same as after other forks: send your old coins to a new wallet first, before you expose the private keys of the original wallet.ā
