On Sunday, Bitcoin Gold issued a critical security alert. It starts with: “Please be aware that for approximately 36 hours, a link on our Download page and the file downloads on our Github release page have been serving a suspicious file of unknown origin.”
The warning goes on to say: “Until we know otherwise, all users should presume this file was created with malicious intent – to steal cryptocurrencies and/or user information. The file does not trigger antivirus / anti-malware software, but do not presume the file is safe.
“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step.”
Bitcoin Gold is recommending that users no longer trust the computer that the Windows Wallet was downloaded on to. It tells users that: ” the machine should be thoroughly checked for malware and viruses (or wiped clean), and any cryptocurrencies with wallets accessible on that machine should be moved to new wallet addresses immediately.”
Not the first attack against Bitcoin Gold
Last week website mybtgwallet.com suddenly popped up. It placed links on the Bitcoin Gold website asking users to upload their private keys or seeds to claim their bitcoin gold. Those users that did so found themselves out of pocket. The criminals walked away with a variety of cryptocurrencies totalling $3.2 million.
For Bitcoin Gold to be hit again in such a short period of time would seem to be more than just bad luck. It appears that hackers see it as an easy mark and that is bad news for the site and its users. Interestingly, on November 16th, the company uploaded a blog entitled Safety is Critical. The blog warns users that Bitcoin Gold, its partners and its customers are all targets of criminals.
We’ve now seen two attacks in the last 10 days. This suggests that Bitcoin Gold needs to think carefully about its own security.
What does this mean?
This is not the first attack against Bitcoin Gold or Bitcoin wallets and it won’t be the last. As the value of the cryptocurrency continues to rise, hackers will continue to find ways to steal Bitcoins. Wallets are a prized target as they allow the attacker to steal Bitcoins.
This latest warning is potentially more serious than the previous wallet attack. If the files are indeed malware then there is a risk to more than the end users Bitcoin Gold wallet.
BYOD means that many users take their technology into work. This means that any malware or attack against their machines can affect their employers. The file was installed without triggering existing local security software. This means that there is a good chance it will get past any corporate security systems as well.
It could, of course, just prove to be an innocent file. However, until more is known about the file and the attack, users must presume the worst case scenario. That means making sure they secure their cryptocurrency and clean their machine before they take it to work.