Bitcoin Gold (BTG) has just issued a warning about a suspicious file of unknown origin found on their download links on their web page and on their Github release page.
It seems that Bitcoin Gold has been dealt more than their share of bad luck recently. The company is still mired in the aftermath of the MyBTGWallet scam, and now they have been hit with another problem that is causing them to issue a critical warning to their customers. BTG has announced that they have found a suspicious file of unknown origin on a link on their download page and on their Github release page file downloads.
Danger, Will Robinson! Danger!
Bitcoin Gold (BTG) states in their critical warning that the file has been present in the link for approximately 36 hours. The file does not trigger antivirus/anti-malware software, however, in an abundance of caution, BTG is presuming that the file. BTG presumes that the file is of malicious intent to steal user information and/or cryptocurrency.
The critical warning by BTG states:
Anyone who downloaded the Windows Wallet file between November 24, 2017, 13:11, UTC and November 25, 2017, 22:30, UTC should not use the file in any way. If the file was used, the computer on which it was used should be addressed with extreme caution; the file should be deleted, the machine should be thoroughly checked for malware and viruses (or wiped clean), and any cryptocurrencies with wallets accessible on that machine should be moved to new wallet addresses immediately.
BTG reminds users to always confirm their downloaded files via SHA-256 checksum.
Affected Links
Here are the affected links impacted by the suspicious file:
Project Github Repository:
https://github.com/BTCGPU/BTCGPU/releases/tag/0.15.0.1
Project Download Page:
https://bitcoingold.org/downloads/
Windows file Download SHA-256:
53e01dd7366e87fb920645b29541f8487f6f9eec233cbb43032c60c0398fc9fa bitcoingold-0.15.0-win64-setup.exe
Linux file Download SHA-256 Hash:
SHA-256: 25d7bf0deb125ecf5b50925a1c58e98c4b0b0a524470379c952f6b9310e97cfe bitcoingold-0.15.0-x86_64-pc-linux-gnu.zip
BTG notes that the links on the Download page point to the Github repository for the project, which is a standard procedure to link the source code with the compiled files. A party of unknown origin replaced the compiled Windows file with a different one on the Github repository. It is important to note that the Linux file was not changed and that the Github repository has been secured. The suspicious file has been replaced with a safe one, and the development team is doing a security audit to make sure all systems are safe.
Lastly, BTG states that the source code was unchanged. If you downloaded the source code to compile it yourself, you should be fine. However, Bitcoin Gold does suggest that users check that their local repository matches the current Github repository and continue to exercise extreme caution.
Are you affected by this critical warning by Bitcoin Gold? Let us know in the comments below.
Images courtesy of Shutterstock, Flickr, and Bitcoinist archives.