While the crypto space is still premature and not totally secure, cautionary tales are crucial to raise user awareness.
And, unfortunately, the Bitcoin Gold team’s given the community yet another cautionary tale this week, as some users lost all or most of their BTG holdings by transacting with a scammer the Bitcoin Gold developers were endorsing on their site.
The devs didn’t know it was a scammer, of course, but by the time they realized what had been happening, the damage was already done.
Now, new charges of incompetence are being stacked atop old charges of incompetence.
What was the scam?
It all boils down to a supposed third-party “wallet service” mybtgwallet, which – on the surface – claimed provide users with a BTG dashboard wherein they could facilitate BTG transactions.
The official Bitcoin Gold website, BTCGPU.org, had a link to this “dashboard” displayed until the scam became apparent and user uproar forced the BTG devs to remove the link.
The problem? mybtgwallet was no dashboard at all – it was just a scammer’s honeypot in which they collected users’ seeds and BTG transactions on a massive scale.
Accordingly, this honeypot has compromised the seeds of thousands of Bitcoin users. If you know anyone who transacted with mybtgwallet, have them immediately move their remaining BTC and BTG if it’s not already too late.
Community anger mounts
The challenges of running a cryptocurrency operation are numerous, to put it mildly.
The challenges of running one of these operations with only a handful of team members is insane.
That’s the dynamic that the BTG team appears to be running up against right now.
In light of the constant crises that have been occurring, It’s clear the Bitcoin Gold project doesn’t have the appropriate logistical infrastructure to properly vet and optimize the community they’re trying to lead.
In the ensuing fallout of this current scam, users in the various crypto forums stewed as it became clear the BTG devs still had a link up to mybtgwallet for some time even after the “attack” came obvious.
Indeed, the lack of speed, competence, and communication has unquestionably stirred the community’s ire – fanning the flames of doubt as to whether BTG will ever really be able to take off at this point.
Note the mybtgwallet link in the lower middle – Image via archive.org
The BTG team responds
Though it took longer than some would’ve liked, the BTG devs have finally responded by removing the link to mybtgwallet from their site once and for all.
In the devs’ estimation, mybtgwallet was originally trustworthy but had been compromised somewhere along the way:
Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable — Like all third-party sites, that site was not in our control, but we immediately removed it from our pages and the team is working with security experts to get to the bottom of this issue — It appears the mybtgwallet online wallet site was modified by unknown parties long after it was originally published.
Moral of the story: treat your seed with extreme caution
Any time you “give” your seed to a third party, you’re facing a risk. There are only certain verified ways to claim your Bitcoin Gold.
Whether it’s from rogue employees on the inside or malicious hacks from the outside, third-party services cannot guarantee the safety of your seeds at all times.
Double and triple check before you send significant transactions. Do a quick scan of the relevant forums to see if anyone’s brought up a major issue within the past day. Check Twitter for any breaking tweets. Word will spread fast if something’s amiss.