Menu
Browse

Cyber Threat Actor: John Dass

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

John Dass is a pseudonymused by an individual located in the United States of America who became known for orchestrating a fraudulent scheme against Bitcoin Gold users in November 2017. The actor created a counterfeit wallet service hosted at mybtgwallet.com that posed as an official tool for claiming the newly forked cryptocurrency. By presenting the site as legitimate, the operator convinced victims to enter their private keys or recovery seeds, which were then used to drain holdings of Bitcoin, Ethereum, Litecoin, and Bitcoin Gold. The scam resulted in the theft of over $3.3 million in digital assets, indicating a financially motivated objective. The fraudulent website gained credibility when the Bitcoin Gold team inadvertently promoted it on their official Twitter account, leading many community members to trust the service. Although John Dass interacted with the project’s community, there is no evidence of formal affiliation with the Bitcoin Gold core development team. After the funds were transferred, the operator ceased public activity and disappeared, prompting the Bitcoin Gold team to launch an investigation and clarify that no malicious code resided on their official infrastructure.

The operation relied primarily on social engineering and the deployment of a deceptive web page rather than traditional malware or exploit kits, highlighting a credential‑harvesting approach. No specific malware families, exploit tools, or intrusion techniques were documented in the public reporting of this incident. Attribution remains limited to the alias John Dass, with no publicly established links to state actors, criminal consortia, or other threat groups. The 2017 Bitcoin Gold wallet scam stands as the sole publicly reported campaign associated with this actor, serving as a representative example of their methodology. Following the thefts, the actor’s online presence ceased, and no further operations have been attributed to the pseudonym in available sources.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources