The ElectronGold, an open source wallet adjusted to work with newly forked Bitcoin Gold, has a feature allowing it to intentionally steal private keys. The fault was exposed on the project’s GitHub page.
It seems, however, that the copy of the wallet is a malicious version, and has been wrongly linked to the user Fyookball. On a Reddit thread, user jonald_fyookball announced he had nothing to do with the actual Electron Gold wallet. But the wallet’s site cites his name as a co-signer of files:
However, the owner of the GitHub repo denies to have anything to do with the Bitcoin Gold project.
At the moment, the Electron Gold wallet is still available for download and is presented as an official Bitcoin Gold wallet. However, jonald_fyookbal stated he is not aware if the Bitcoin Gold has recommended the Electron Gold wallet. There is no link to the wallet from the official Bitcoingold.org page.
However, the presence of such a wallet may be a danger for the community, especially as interest in Bitcoin Gold rises with the pickup in market prices.
So far, there are no reports of funds being drained from the wallet, or if the exploit has been repaired. But it seems like a good idea for users to wait, before jumping in to download the version from https://electrongold.org/.
Beyond staying away from the wallet and not using it to split coins or store Bitcoin, there is little that can be done and the next few days will see how the community deals with the claims and the wrongful inclusion of a developer’s profile into a project that he is not associated with.
The evidence that a version of Electron Gold may steal private keys is presented on this screenshot.
A discussion between jonald_fyookball and user Uejji, who noticed the previous scam with MyBTGWallet, underscores the high danger related to the Bitcoin Gold project, even though it was not intentional:
The Electron Gold wallet is a version of the Electron Cash, a Bitcoin Cash wallet. At the moment, there are no known threats in the Electron Cash version.
Bitcoin Gold seems to have invited every calamity that could befall a user of cryptocurrencies. It started with a failed attempt to build an ICO with pre-mined coins. Later, on launch day the site suffered a DDOS attack. Then, for weeks the project had no main net, built a last-minute replay protection, and when mining started, coins were lost and one of the pools closed due to low profitability. There was additional talk of a CryptoNote hidden miner in the project’s web resources, but so far no new complaints have been known.
And just two days after the launch of the main net, an exploit in the MyBTGWallet stole between $500,000 and $1.5 million’s worth of cryptocurrency by stealing private keys from the browser session. The case of Bitcoin Gold shows that enthusiasm for crypto can lead to a lot of oversights and losses.
As of November 22, Bitcoin Gold is still trying for adoption by exchanges, and trades with a somehow depressed price of $280, after being pumped as high as $500. A lot of users have no access to their coins and as splitting is attempted, users need to be cautious as the seemingly “free coins” have been linked to too many security risks.