The development team of the Bitcoin Gold (BTG) cryptocurrency is warning all users users about a security breach involving the official Windows wallet application offered for download via its official website. Bitcoin Gold is the fork of the official Bitcoin cryptocurrency that was created on October 25.
The development team of the Bitcoin Gold (BTG) explained that attackers gained access to this GitHub account and replaced the legitimate Windows installer with a “suspicious” file that were created to steal funds from the victims and other information.
Developers confirmed the Linux version of the official wallet app was not changed during the incident.
The development team discovered the security breach over the weekend when the experts noticed that the SHA-256 checksum for the Windows installer did not match the original SHA-256 checksum for the file present on the GitHub repository.
“Please be aware that for approximately 4.5 days, a link on our Download page and the file downloads on our Github release page have been serving two suspicious files of unknown origin.” reads the security advisory.
Below are the correct SHA-256 checksums for BTG’s Windows wallet app.
Windows file SHA-256:
Further investigation allowed the development team to discover that the “malicious” file was available in the GitHub repository between November 21, 2017, 09:39 UTC, and November 25, 2017, 22:30 UTC.
The bad news for end-users is that the malware was not detected by antivirus software.
“Until we know otherwise, all users should presume these files were created with malicious intent – to steal cryptocurrencies and/or user information. The file does not trigger antivirus / anti-malware software, but do not presume the file is safe.” continues the advisory.
“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step.”
Affected users urge to transfer funds to new wallet addresses and reinstall affected computers.
“If the file was used, the computer on which it was used should be addressed with extreme caution; the file should be deleted, the machine should be thoroughly checked for malware and viruses (or wiped clean), and any cryptocurrencies with wallets accessible on that machine should be moved to new wallet addresses immediately,” suggested the Bitcoin Gold development team that meantime has restored the original files and has secured its GitHub account.
(Security Affairs – cryptocurrency, hacking)