Bitcoin Gold BTG $3 Million Worth of Cryptocurrencies Stolen In Phishing Scam
Another day, another ignominious BTG episode. A phishing site, mybtgwallet.com, claiming to redeem users' Bitcoin Gold (BTG) from their BTC wallets has conned gullible victims to the tune of $3 million dollars in cryptocurrencies.
Users were asked to import their seed/private key, which no matter how many times some users are advised not to EVER do on a web browser, they unfailingly and obligingly do. Those behind the phishing site then sent Bitcoin, Litecoin and Ethereum of the users to their own address.
An analysis of the site's code by Reddit user ‘Uejji’ few days ago found that the site stored the recovery keys, which were later sent to the site's owner. The site claimed to be open-source, but all of the source code was changed on GitHub after the scam was initiated, said Torsten Sandor, a spokesperson for Exodus, a digital wallet whose users lost funds in the scam.
One of the victims said, “I reached this site by following the link at [the] bitcoingold.org official website so I trusted it. Yesterday afternoon I noticed both my BTC and BTG stored in that wallet were gone. This only happened with bitcoin gold. It's a very interesting fork … I think it's extremely unfortunate that new investors, people who know little about crypto, started buying into it.”
The fraudulent website was listed as a BTG wallet provider on BTG's website and was endorsed by BTG on twitter as a legitimate website. It shouldn't surprise anyone if it were to be revealed in the wash that the BTG team was behind the Phishing site themselves, such is their knack for knavery. Indeed, there are already claims that the person who created the phishing site, John Dass, was once part of the BTG development team with a ‘Dev' tag on BTG's Slack channel.
Here's how BTG responded to the ‘MYBTGWALLET SCAM',
‘We share the news of new providers via social media, with retweets, shares, etc. Neither these actions nor listing on the bitcoingold.org site should be taken as endorsements of third parties. We cannot attest that they are currently safe nor that they always will be safe.'
Ie., We will promote any website which endorses us without verifying if it's a legitimate website but our promotions are not endorsements. Makes as much sense as BTG's existence.
‘We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages.'
To paraphrase, After siphon off funds from as many victims as we could dupe, we acted post-haste!
As for the alleged John Dass, BTG nexus?
“The investigation increasingly indicated that the original developer, John Dass, was responsible for the fraud all along … He has dropped out of touch with us, as well. There was no formal relationship at all. He did interact with our devs in the Slack regarding developing his open-source code [and] his web site. The BTG Twitter account was simply supporting an individual in the community who was supporting BTG – that was their sole intent, at the time.”
The three million-dollar question is this, why would anyone even bother claiming the bogus, worthless BTG in the first place?