Bitcoin Gold Wallet That Stole Private Keys Scooped $3.3 Million

Last week it emerged that a fake BTG wallet which had been promoted on the bitcoin gold website was fraudulent. The team’s developers removed “mybtgwallet” once the scam came to light, but not before scores of innocent users had been duped. The total amount of cryptocurrency lost to the fraud has now been totted up – and it comes to a whopping $3.3 million.

See also: Bitcoin Gold Addresses ‘Scam’ Wallet and Premine Endowment Process

Fool’s Gold

The website containing the fake wallet, which encouraged users to upload their private keys and claim their free bitcoin gold, has since been purged, but an archived version can still be viewed:

The average user, visiting the bitcoin gold website which contained a link to mybtgwallet, would have had no way of knowing that the wallet was a trap. The BTG team also tweeted links to the wallet and reassured users that it was safe to use, leading to some out-of-pocket individuals to call the whole affair a conspiracy. The successful heist of over $3 million of cryptocurrency raises serious questions, not only about the diligence of the BTG team, but the obligations of developers as a whole.

This week, it also emerged that $7 million worth of the Verge altcoin had been stolen from Coinpouch, an iOS wallet which had also been promoted on the Verge website. Should developers be compelled to inspect the code for third party wallets before promoting them? The average user lacks the technical nous to check for malicious code, but the same cannot be said of cryptocurrency devs. The bitcoin gold team also stand accused of being slow to act once the scam came to light, with a team member stating last week:

Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable

Those claims would appear to have been wholly accurate. In total, $3 million of bitcoin, $107,000 of bitcoin gold, $72,000 of litecoin and $30,000 of ethereum was swiped by the entity behind mybtgwallet. The pseudonymous developer behind the fraudulent wallet went to great lengths to orchestrate the scam. The wallet was supposedly open source, but the code was later updated on Github, enabling the private keys from users to be sent directly to the mybtgwallet scammer.

A statement released by the bitcoin gold team said:

The team is working with security experts to get to the bottom of this issue…[we] will continue to cooperate in every way possible and work tirelessly in hopes of getting to the root of what happened.

The BTG team are expected to provide a further update in the coming days.

All That Glitters

After the extent of the mybtgwallet hack came to light, one previous beneficiary of forked coins – Bitmain’s Jihan Wu – had this to say:



With every passing fork, the birth of bitcoin cash is starting to look like a textbook case in how to fork a coin. With bitcoin diamond (BTD) the next fork to be born, which is estimated to occur on November 24, bitcoin holders who possess their own keys have a dilemma to face: claim BTD, or play it safe and ignore the forked coin altogether. The third option, of course is to send bitcoin to an exchange that will support BTD and disburse the coins, but relying on centralized exchanges is not without its risks either. Despite the negative publicity surrounding bitcoin gold, the price of the virtual currency has climbed sharply this week along with its fellow fork bitcoin cash.

Do you think that cryptocurrency developers have a duty to verify third party wallets? Let us know in the comments section below.

Images courtesy of Shutterstock.

Need to calculate your bitcoin holdings? Check our tools section.