Why Civic CEO Vinny Lingham isn’t impressed with two-token blockchain projects

Civic CEO Vinny Lingham has been known his level-headed analyses of cryptocurrencies and the blockchain industry in general. Last month at a conference, he became a voice of reason in a room raging with ICO founders. He said that “the crypto sector will need to begin self-regulating due to a number of incidents that have caused concern recently, otherwise governments will impose stricter regulations,” adding in his presentation that “industries that don’t self-regulate get regulated.”

In another ICO event, the man dubbed as the “Bitcoin oracle” criticized that most tokens in existence are in fact, securities. “If the price of something is determined by its ability to deliver an investment return then it’s a security,” Lingham said. “If you’re building a utility token, it has to have real utility — if you’re just using it to raise money, then it’s a security.”

When asked about blockchain projects that utilize a two-token system, Lingham is not impressed either.

“People will raise money by whatever way they possibly can—if it means bending the rules, changing the system, and unsuspecting people will wind up putting up the money to buy it. But just because you can raise money in a certain way doesn’t mean you should,” Lingham said.

Some blockchain projects offer two different tokens: one for utility, and one for governance. Segregating the two keeps the utility token liquid, and reserves governance tokens for those who want to get involved in the development of the project—and those who just want to HODL for profits later on. Unfortunately—although most founders of such projects say otherwise—governance tokens act quite like a stock and give holders similar powers as if they were stakeholders.

Lingham, who has been an open supporter of Bitcoin Cash (BCH) was also asked about the scaling issue on Bitcoin. He said that it’s impractical to pin hopes on the Lightning Network, which is an unproven solution.

“Lightning, maybe it works, maybe it doesn’t. The point is, you’re going from something that’s proven, that can scale, at least to some degree, versus something which is unproven and it may not be able to scale, and we’re pinning our hopes on it. It’s very impractical,” he said.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

Teen exposes security vulnerability in Ledger hardware wallet

Cryptocurrency hardware wallet Ledger has been found to contain a major security flaw, which could enable hackers to steal funds from users through a variety of different methods.

The exploit was identified by a teen digital security expert, Saleem Rashid, earlier this week and undermined Ledger’s claims to be ‘tamper-free.’

Upon discovering the exploit, Rashid contacted Ledger CTO Nicolas Bacca to report his findings. The flaw theoretically allows retailers and resellers to load compromised firmware, which would be successfully verified by the device via its connection to the Secure Element.

As soon as the compromised device is used for storing cryptocurrency, the hacker could then successfully recall the relevant private keys, which would effectively allow them to walk away with the contents of the wallet.

According to Rashid, his initial referral of the security flaw was dismissed by the firm, who refused to engage seriously with his recommendations. Nevertheless, a firmware update was released, which went on to attract further criticism from the teenager.

The findings have divided opinion amongst the cryptocurrency community, with some users suggesting the flaw wasn’t as serious as Rashid had initially suggested.

Responding to user comments on Reddit, Ledger CEO Eric Larchevêque described Rashid’s technical report into the flaw, published on his blog, was ‘a massive FUD’, and disclosed as a reaction to the firm’s unwillingness to treat his findings seriously.

“Saleem got visibly upset when we didn’t communicate as ‘critical security update’ and decided to share his opinion on the subject,” the Ledger CEO said.

Ledger subsequently published an update, explaining three separate security issues identified by a team of bounty programme researchers. Notably, Saleem Rashid was included amongst the three security experts working on the project—something Rashid himself has denied.

The move follows on from Rashid’s earlier work, most notably in identifying similar flaws with the TREZOR One device. The flaws identified in this case were more warmly received, and even garnered public praise for Rashid from the firm’s CEO.

Nevertheless, it seems not all hardware wallet manufacturers are as open to discussing security flaws with independent researchers like Rashid, and in any event, often less willing to release critical security updates to patch these flaws.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true  Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Meltdown & Spectre: What you need to know as a crypto user

In a responsible disclosure posted Wednesday, security researchers from Google’s Project Zero working on the recently revealed Meltdown & Spectre attacks have issued warnings to all users from different industries who are using Intel, AMD & ARM processors. The highlighted threats reveal possible ways in which hackers may access privileged data in any device running processors from these manufacturers.

MELTDOWN & SPECWHAT?!

Modern processors, or at least those built from 1995 onward perform “speculative execution,” a process in which they anticipate a layer of instructions based on a previous memory of related commands stored in the kernel level. Processors do this to maximize performance by avoiding repetition and execute the instructions before they are verified as necessary.

Essentially, the processors are doing guesswork over what should happen to data. If they get it right the first time, there’s no problem. If the processors make a wrong guess, the results are thrown out and they go back to executing the correct set.

This process of speculative execution won’t affect program behaviors, but the research team behind Google Project Zero suggests that it can modify the processor’s state. This modification can be seen by looking into the differences in duration between certain operations. By comparing the time between these operations, one process can derive properties of data belonging to another process. This kind of info can then be used to directly extract and deploy passwords stored in a browser. What’s more, because it’s already leaked, info accessed through this process can bypass existing protections such as address space layout randomization (ASLR), enabling JavaScript exploits using buffer overflows to perform better.

The Meltdown & Spectre exploits may be initiated from remote or physical instances, compromising a computer’s memory architecture to access previously protected areas, while also decoding and reading privileged data without permission. This access to sensitive data embedded into a computer’s security provides leverage to a potential hacker, who may use the info extracted for financial gain, as is the case with recent hackings in the crypto sphere.

WHAT TO DO THEN?
What does this mean for people who use cryptocurrencies?

While alarming at first glance, these vulnerabilities can be mitigated by ensuring that best practices in crypto security are implemented (in this case, #6 is most important). Short and simple:  all access to user wallets should be provided with industry-standard authentication protocols, and private keys should remain private, or even stored mnemonically, where possible (here’s a tool you may use if you’re using weak passwords/keys).

While the vulnerabilities have been identified as early as June last year, the researchers had to gather enough data to properly execute the disclosures to the major processor and chip manufacturing companies involved (here are links to the initial responses from Intel, AMD, and ARM) without raising the alarm and inordinately informing hackers looking to exploit it for malicious purposes. Apple and Microsoft, who both make use these chips for their devices, have also responded with official statements.

Prior to the leakage of discrete info on the matter, a coordinated release of security patches was scheduled by the security researchers for January 9, 2018. However, as a report by The Verge notes, the patches are estimated to impact on the processors, with a range of between 5 to 30% decrease in overall performance for affected devices. This led end users to ponder whether the updates were worth it. Recent benchmarks of devices updated with the security patches show that a category average of 17% in performance decrease may be seen across devices and platforms once patches are installed and systems are updated.

Major tech firms, as well as blockchain-based and cryptocurrency businesses like mainstream exchanges, have been scrambling for the past days to find adequate patches to curb the critical flaws which affect processors constructed with proprietary architecture. Cloud-based services and execution platforms will suffer the most, though. Because of the lucrative prospect that Amazon Web Services, Google Cloud, IBM, and Microsoft Azure represent with their suite of enterprise platforms, hackers looking to exploit Spectre, specifically, will be tempted to glance at crypto wallets provided by exchanges, as well as vulnerabilities in devices connecting to hardware wallets.

Steps to mitigate the vulnerabilities have been a primary cause of concern for the tech world in general for the past few days, especially leading to tensions in the issue of net neutrality, with the cryptocurrency industry joining the fight.

CERT, an arm of the U.S. Department of Homeland Security, issued these official descriptions of the side-channel attacks and how they work, advising users across different platforms to update their systems accordingly. In a recent report, however, Microsoft has paused its updates after reports of bricked devices.

For the technically inclined, a summarized description of how these exploits work can be found in this informative Twitter thread by user @gsuberland, an independent security researcher. You may also search through this repository of CPU security bugs caused by speculative execution.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Meltdown & Spectre: What you need to know as a crypto user

In a responsible disclosure posted Wednesday, security researchers from Google’s Project Zero working on the recently revealed Meltdown & Spectre attacks have issued warnings to all users from different industries who are using Intel, AMD & ARM processors. The highlighted threats reveal possible ways in which hackers may access privileged data in any device running processors from these manufacturers.

MELTDOWN & SPECWHAT?!

Modern processors, or at least those built from 1995 onward perform “speculative execution,” a process in which they anticipate a layer of instructions based on a previous memory of related commands stored in the kernel level. Processors do this to maximize performance by avoiding repetition and execute the instructions before they are verified as necessary.

Essentially, the processors are doing guesswork over what should happen to data. If they get it right the first time, there’s no problem. If the processors make a wrong guess, the results are thrown out and they go back to executing the correct set.

This process of speculative execution won’t affect program behaviors, but the research team behind Google Project Zero suggests that it can modify the processor’s state. This modification can be seen by looking into the differences in duration between certain operations. By comparing the time between these operations, one process can derive properties of data belonging to another process. This kind of info can then be used to directly extract and deploy passwords stored in a browser. What’s more, because it’s already leaked, info accessed through this process can bypass existing protections such as address space layout randomization (ASLR), enabling JavaScript exploits using buffer overflows to perform better.

The Meltdown & Spectre exploits may be initiated from remote or physical instances, compromising a computer’s memory architecture to access previously protected areas, while also decoding and reading privileged data without permission. This access to sensitive data embedded into a computer’s security provides leverage to a potential hacker, who may use the info extracted for financial gain, as is the case with recent hackings in the crypto sphere.

WHAT TO DO THEN?
What does this mean for people who use cryptocurrencies?

While alarming at first glance, these vulnerabilities can be mitigated by ensuring that best practices in crypto security are implemented (in this case, #6 is most important). Short and simple:  all access to user wallets should be provided with industry-standard authentication protocols, and private keys should remain private, or even stored mnemonically, where possible (here’s a tool you may use if you’re using weak passwords/keys).

While the vulnerabilities have been identified as early as June last year, the researchers had to gather enough data to properly execute the disclosures to the major processor and chip manufacturing companies involved (here are links to the initial responses from Intel, AMD, and ARM) without raising the alarm and inordinately informing hackers looking to exploit it for malicious purposes. Apple and Microsoft, who both make use these chips for their devices, have also responded with official statements.

Prior to the leakage of discrete info on the matter, a coordinated release of security patches was scheduled by the security researchers for January 9, 2018. However, as a report by The Verge notes, the patches are estimated to impact on the processors, with a range of between 5 to 30% decrease in overall performance for affected devices. This led end users to ponder whether the updates were worth it. Recent benchmarks of devices updated with the security patches show that a category average of 17% in performance decrease may be seen across devices and platforms once patches are installed and systems are updated.

Major tech firms, as well as blockchain-based and cryptocurrency businesses like mainstream exchanges, have been scrambling for the past days to find adequate patches to curb the critical flaws which affect processors constructed with proprietary architecture. Cloud-based services and execution platforms will suffer the most, though. Because of the lucrative prospect that Amazon Web Services, Google Cloud, IBM, and Microsoft Azure represent with their suite of enterprise platforms, hackers looking to exploit Spectre, specifically, will be tempted to glance at crypto wallets provided by exchanges, as well as vulnerabilities in devices connecting to hardware wallets.

Steps to mitigate the vulnerabilities have been a primary cause of concern for the tech world in general for the past few days, especially leading to tensions in the issue of net neutrality, with the cryptocurrency industry joining the fight.

CERT, an arm of the U.S. Department of Homeland Security, issued these official descriptions of the side-channel attacks and how they work, advising users across different platforms to update their systems accordingly. In a recent report, however, Microsoft has paused its updates after reports of bricked devices.

For the technically inclined, a summarized description of how these exploits work can be found in this informative Twitter thread by user @gsuberland, an independent security researcher. You may also search through this repository of CPU security bugs caused by speculative execution.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Electrum to the public: “if you are running Electrum, shut it down right this second”

Electrum wallet just deployed an emergency patch to fix critical security risk.

On Saturday, Electrum devs were sent into a panic, pushing them to release an emergency patch along with an urgent message saying everyone using their Electrum wallets must stop doing so immediately and upgrade to the patched version. Apparently, having the wallet open while browsing the web allows any website to steal users’ BTC.

Wallets with no passphrases set are also considered compromised, whether they surfed the web or not while the wallet was open. Those with weak passwords are also at risk.

The security notice on Electrum’s website links to a post by Theymos (r/bitcoin moderator) on BitcoinTalk, where they urged users to shut down the wallet and upgrade to the new version. The post has been updated to say that the first patch attempt is still vulnerable, and that users must upgrade to version 3.0.5. And that it in fact is safer to just move all their BTC to a newly generated Electrum wallet altogether.

Electrum to the public: “if you are running Electrum, shut it down right this second”

White hat hacker and Google vulnerability researcher Tavis Ormandy says he stumbled upon it while checking out the software included in Tails, an anonymity and privacy-focused live operating system bootable from a USB stick.

Ormandy says that although he just pointed out the issue to Electrum last Saturday, pushing them to start working on a fix, the issue has already been pointed out last year.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Electrum to the public: “if you are running Electrum, shut it down right this second”

Electrum wallet just deployed an emergency patch to fix critical security risk.

On Saturday, Electrum devs were sent into a panic, pushing them to release an emergency patch along with an urgent message saying everyone using their Electrum wallets must stop doing so immediately and upgrade to the patched version. Apparently, having the wallet open while browsing the web allows any website to steal users’ BTC.

Wallets with no passphrases set are also considered compromised, whether they surfed the web or not while the wallet was open. Those with weak passwords are also at risk.

The security notice on Electrum’s website links to a post by Theymos (r/bitcoin moderator) on BitcoinTalk, where they urged users to shut down the wallet and upgrade to the new version. The post has been updated to say that the first patch attempt is still vulnerable, and that users must upgrade to version 3.0.5. And that it in fact is safer to just move all their BTC to a newly generated Electrum wallet altogether.

Electrum to the public: “if you are running Electrum, shut it down right this second”

White hat hacker and Google vulnerability researcher Tavis Ormandy says he stumbled upon it while checking out the software included in Tails, an anonymity and privacy-focused live operating system bootable from a USB stick.

Ormandy says that although he just pointed out the issue to Electrum last Saturday, pushing them to start working on a fix, the issue has already been pointed out last year.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korean exchanges blame North Korea for recent crypto-heists

North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.

Last Tuesday, South Korean exchange Youbit suffered their second hacking for the year, losing 17% of its total assets and ultimately declaring bankruptcy.

Being only one of several exchange heists recently, cybersecurity firm CrowdStrike’s CEO George Kurtz told CNBC that this recent robbery of Youbit, along with that of Bithumb in July were all perpetrated by North Korean hackers.

In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.

“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.

Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.

According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.

In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity observed from North Korea which they began observing in 2016. McNamara says that North Korea’s monopoly of criminality in the cryptocurrency space, however, may probably be short-lived, and they might soon have to compete with even more groups with similar intentions.

“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korean exchanges blame North Korea for recent crypto-heists

North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.

Last Tuesday, South Korean exchange Youbit suffered their second hacking for the year, losing 17% of its total assets and ultimately declaring bankruptcy.

Being only one of several exchange heists recently, cybersecurity firm CrowdStrike’s CEO George Kurtz told CNBC that this recent robbery of Youbit, along with that of Bithumb in July were all perpetrated by North Korean hackers.

In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.

“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.

Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.

According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.

In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity observed from North Korea which they began observing in 2016. McNamara says that North Korea’s monopoly of criminality in the cryptocurrency space, however, may probably be short-lived, and they might soon have to compete with even more groups with similar intentions.

“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party has gained access to the SWG project’s GIthub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origins have been linked to the project’s download page and Github release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.

The team behind SWG reassured users that the Github repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party has gained access to the SWG project’s GIthub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origins have been linked to the project’s download page and Github release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.

The team behind SWG reassured users that the Github repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Users lose $3M funds to elaborate SegWit Gold scam

The SegWit Gold (SWG) project is hounded by yet another controversy.

This time, users are reporting that they have lost more than $3.3 million in an elaborate scam parading as an online web wallet for SWG tokens. Called MyBTGWallet, the website was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold—until it was revealed that the site had been leaking user funds.

According to a CoinDesk report, $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC were lost from submitting private keys to MyBTGWallet.

An Internet Archive snapshot showed that the website prompted users to send their private keys or recovery seeds to import SWG from BTC seed, noting that the tool works “with BIP44/BIP39, so it’s compatible with wallets like Jaxx, Mycelium, or Copay.” Users, however, found that their cryptocurrency holdings were sent to a different address.

Reddit user Uejji analyzed the site’s code and found that it stored the recovery keys and sent it to the site’s owner, a developer named John Dass who described himself as “an enthusiasm developer of Open Source Website Proyects and really interested in the Blockchain Technology.”

“So, to summarize, every time someone entered their mnemonic seed into MyBTGWallet.com, their mnemonic was Base64 encoded, stored on the website cookie and then transmitted to Google, where the scammer was free to decode it and have full access to that person’s private keys derived from that seed,” Uejji wrote.

You’ve been warned

MyBTGWallet is the latest addition in the long list of SWG scams that have been taking advantage of many guileless cryptocurrency enthusiasts. Making matters worse is that the team behind SWG promoted the site on their Twitter account, telling users that MyBTGWallet was “safe and work.”

SWG proponents even embedded the tool on their website, only to withdraw their recommendations following the loss of funds, which reportedly happened between Nov. 13 and 14. The SWG team also asked users to report their losses, promising to investigate the incident.

“We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages,” the group said in a statement.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

Users lose $3M funds to elaborate SegWit Gold scam

The SegWit Gold (SWG) project is hounded by yet another controversy.

This time, users are reporting that they have lost more than $3.3 million in an elaborate scam parading as an online web wallet for SWG tokens. Called MyBTGWallet, the website was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold—until it was revealed that the site had been leaking user funds.

According to a CoinDesk report, $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC were lost from submitting private keys to MyBTGWallet.

An Internet Archive snapshot showed that the website prompted users to send their private keys or recovery seeds to import SWG from BTC seed, noting that the tool works “with BIP44/BIP39, so it’s compatible with wallets like Jaxx, Mycelium, or Copay.” Users, however, found that their cryptocurrency holdings were sent to a different address.

Reddit user Uejji analyzed the site’s code and found that it stored the recovery keys and sent it to the site’s owner, a developer named John Dass who described himself as “an enthusiasm developer of Open Source Website Proyects and really interested in the Blockchain Technology.”

“So, to summarize, every time someone entered their mnemonic seed into MyBTGWallet.com, their mnemonic was Base64 encoded, stored on the website cookie and then transmitted to Google, where the scammer was free to decode it and have full access to that person’s private keys derived from that seed,” Uejji wrote.

You’ve been warned

MyBTGWallet is the latest addition in the long list of SWG scams that have been taking advantage of many guileless cryptocurrency enthusiasts. Making matters worse is that the team behind SWG promoted the site on their Twitter account, telling users that MyBTGWallet was “safe and work.”

SWG proponents even embedded the tool on their website, only to withdraw their recommendations following the loss of funds, which reportedly happened between Nov. 13 and 14. The SWG team also asked users to report their losses, promising to investigate the incident.

“We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages,” the group said in a statement.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.