BITCOINGOLD.ORG is online and all systems are green.
Some of our services (accessed through the bitcoingold.org name) were inaccessible to the public between 13:00 UTC on 21 June and 17:10 UTC on 23 June.
A team member’s recent model mobile phone with up-to-date software and patches was remotely hacked using zero-day exploits. This was a sophisticated and targeted attack. The hackers were then able to hijack our account with our Domain Registrar and point our domain name away from our DNS servers, causing people to lose access to our website, forum, and any services using the bitcoingold.org name.
Our DNS servers and infrastructure were never compromised.
The BTG blockchain experienced no impact whatsoever.
BTG mining and transactions continued normally. The blockchain does not depend on our infrastructure – it is a free-standing decentralized blockchain.
Of interest to other coin development teams:
Forensics suggests this was a planned and very sophisticated attack, likely timed to maximally disrupt our Network Upgrade.
In addition to the usual security measures, such as ensuring that all devices are kept up-to-date, using secure passwords, never allowing passwords to be cached, and using 2FA, we wish to remind everyone of the following:
- external systems which can impact your infrastructure may need even more attention than your infrastructure
- separate, secure emails for critical services are an administrative hassle but add an important layer of security in case accounts are compromised
- modern mobile phones are particular targets because they often connect to many email accounts and multiple services
- SMS-based 2FA is greatly inferior in security to air-gapped hardware 2FA devices – refrain from using systems that don’t allow better 2FA than SMS on mobile phones
Getting back to our normally scheduled work,
The Bitcoin Gold Organization