Cyber Incident Victim: Bitcoin Gold

Date: Nov 2017

Location: United States of America

Summary

A fraudulent scheme targeting Bitcoin Gold users resulted in over $3.3 million stolen through a fake wallet service, mybtgwallet.com, which tricked victims into submitting private keys or recovery seeds under the guise of claiming the new cryptocurrency. The perpetrators drained wallets of Bitcoin, Ethereum, Litecoin, and Bitcoin Gold holdings after gaining access. The scam was amplified by the Bitcoin Gold team's initial promotion of the fraudulent website on their official Twitter account, mistakenly assuring its safety. The operator, using the pseudonym John Dass, had engaged with the project's community but was not formally affiliated with the core team. Following the thefts, Dass disappeared, and the Bitcoin Gold team launched an investigation while clarifying that malicious code was never hosted on their official platform.

Description

In November 2017, perpetrators operating the fraudulent website mybtgwallet.com stole over $3.3 million in cryptocurrency from users attempting to claim bitcoin gold (BTG), a newly created fork of bitcoin. The scam involved convincing victims to submit private keys or recovery seeds under the guise of generating bitcoin gold wallets, as documented in an Internet Archive snapshot of the site. After users provided this sensitive information, their cryptocurrency holdings—including at least $30,000 in ethereum, $72,000 in litecoin, $107,000 in bitcoin gold, and over $3 million in bitcoin—were transferred to attacker-controlled addresses. The operation gained credibility through explicit endorsements from the official Bitcoin Gold Twitter account, which repeatedly promoted mybtgwallet.com as safe to use. Further legitimacy derived from the involvement of "John Dass," a pseudonymous developer who engaged with the Bitcoin Gold community via their Slack channel while bearing a "developer" tag, though he held no formal position on the project team. Technical analysis by Exodus wallet representatives and Reddit user Uejji later confirmed the site stored recovery keys and transmitted them to its operators, with GitHub source code alterations occurring after the thefts began.

The Bitcoin Gold team initiated an investigation after victims reported fund losses, with spokesperson Iskra confirming that Dass initially denied involvement before ceasing communication entirely. Forensic evidence indicated Dass orchestrated the fraud, exploiting community trust cultivated through Slack interactions and the project’s social media promotion. While the Bitcoin Gold website briefly hosted a balance-checking tool using code from Dass’s GitHub repository, the team clarified this tool only requested wallet addresses and contained warnings against sharing private keys, with no malicious code present on their official platform. Exodus wallet analysis corroborated the attack methodology, documenting how one user’s wallet emptied immediately after seed submission. The Bitcoin Gold team pledged to announce additional investigative findings within days, though no specific remediation measures for victims were disclosed at the time of reporting.
