Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party has gained access to the SWG project’s GIthub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origins have been linked to the project’s download page and Github release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.

The team behind SWG reassured users that the Github repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party has gained access to the SWG project’s GIthub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origins have been linked to the project’s download page and Github release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.

The team behind SWG reassured users that the Github repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Users lose $3M funds to elaborate SegWit Gold scam

The SegWit Gold (SWG) project is hounded by yet another controversy.

This time, users are reporting that they have lost more than $3.3 million in an elaborate scam parading as an online web wallet for SWG tokens. Called MyBTGWallet, the website was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold—until it was revealed that the site had been leaking user funds.

According to a CoinDesk report, $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC were lost from submitting private keys to MyBTGWallet.

An Internet Archive snapshot showed that the website prompted users to send their private keys or recovery seeds to import SWG from BTC seed, noting that the tool works “with BIP44/BIP39, so it’s compatible with wallets like Jaxx, Mycelium, or Copay.” Users, however, found that their cryptocurrency holdings were sent to a different address.

Reddit user Uejji analyzed the site’s code and found that it stored the recovery keys and sent it to the site’s owner, a developer named John Dass who described himself as “an enthusiasm developer of Open Source Website Proyects and really interested in the Blockchain Technology.”

“So, to summarize, every time someone entered their mnemonic seed into MyBTGWallet.com, their mnemonic was Base64 encoded, stored on the website cookie and then transmitted to Google, where the scammer was free to decode it and have full access to that person’s private keys derived from that seed,” Uejji wrote.

You’ve been warned

MyBTGWallet is the latest addition in the long list of SWG scams that have been taking advantage of many guileless cryptocurrency enthusiasts. Making matters worse is that the team behind SWG promoted the site on their Twitter account, telling users that MyBTGWallet was “safe and work.”

SWG proponents even embedded the tool on their website, only to withdraw their recommendations following the loss of funds, which reportedly happened between Nov. 13 and 14. The SWG team also asked users to report their losses, promising to investigate the incident.

“We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages,” the group said in a statement.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Users lose $3M funds to elaborate SegWit Gold scam

The SegWit Gold (SWG) project is hounded by yet another controversy.

This time, users are reporting that they have lost more than $3.3 million in an elaborate scam parading as an online web wallet for SWG tokens. Called MyBTGWallet, the website was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold—until it was revealed that the site had been leaking user funds.

According to a CoinDesk report, $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC were lost from submitting private keys to MyBTGWallet.

An Internet Archive snapshot showed that the website prompted users to send their private keys or recovery seeds to import SWG from BTC seed, noting that the tool works “with BIP44/BIP39, so it’s compatible with wallets like Jaxx, Mycelium, or Copay.” Users, however, found that their cryptocurrency holdings were sent to a different address.

Reddit user Uejji analyzed the site’s code and found that it stored the recovery keys and sent it to the site’s owner, a developer named John Dass who described himself as “an enthusiasm developer of Open Source Website Proyects and really interested in the Blockchain Technology.”

“So, to summarize, every time someone entered their mnemonic seed into MyBTGWallet.com, their mnemonic was Base64 encoded, stored on the website cookie and then transmitted to Google, where the scammer was free to decode it and have full access to that person’s private keys derived from that seed,” Uejji wrote.

You’ve been warned

MyBTGWallet is the latest addition in the long list of SWG scams that have been taking advantage of many guileless cryptocurrency enthusiasts. Making matters worse is that the team behind SWG promoted the site on their Twitter account, telling users that MyBTGWallet was “safe and work.”

SWG proponents even embedded the tool on their website, only to withdraw their recommendations following the loss of funds, which reportedly happened between Nov. 13 and 14. The SWG team also asked users to report their losses, promising to investigate the incident.

“We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages,” the group said in a statement.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.