- After the Suspicious File incident that we reported on November 26th, our staff conducted a security audit, performed password rotations and 2FA reset for all accounts with access to critical facilities including (but not limited to) Github, and implemented strict security measures and protocols to greatly enhance safety and ensure this does not happen again.
- We investigated the Suspicious File and learned that some newly created wallet addresses would be Vulnerable to a potential Thief. Fortunately, the file appears to pose no other risks of any kind.
- We used the Thief’s method to find about 30 such wallets on the Blockchain in November containing nearly 80 BTG. No Vulnerable wallets have appeared in December, so it’s unlikely there will be more.
- We tracked these Vulnerable wallets and then evacuated their contents into a safe custodial wallet so that the Thief cannot get them; we look forward to returning these funds to their rightful owners.
We feel the time is right to share more information with the Community regarding the Suspicious File which was announced on November 26th. As we warned in our original Critical Warning post, for four and a half days in late November, a Windows Wallet Installer File was downloadable from our Github which was not authentic. (Our web site’s download section simply links to our Github, so this was a single file accessible from two locations.)
This file, which we’ll call the Doctored Installer, was planted by an unknown third party who gained access to our GitHub; we’ll call this person the Thief. As a result, a small number of Windows users downloaded the Doctored Installer instead of our official Windows Installer between November 21, 2017, 09:39 UTC, and November 25, 2017, 22:30 UTC. GitHub staff have confirmed our earlier assessment that our Linux installer and the source code were not touched; this incident only affected the Windows Wallet Installer. They were unable to assist us with identifying the Thief, beyond giving us IP addresses that were not actionable.
The Suspicious File: What it Does and Doesn’t Do
A thorough analysis of the Doctored Installer showed that it does not appear to contain any traditional malware, like viruses, keyloggers, trojans… our analysis also indicates that the actual wallet software inside the Doctored Installer does not transmit Private Keys or expose existing wallet addresses to any risk. It does, however, contain a clever and seemingly minor change which allows the thief to ascertain the private keys for newly created wallets that appear on the blockchain if those new wallets are created with Doctored Software.
We’ll say that again: if a user created a new wallet with the Doctored Software and that wallet showed up on the chain, the Thief could identify that Wallet and their Private Keys.
It’s important to note that if a user imported their Private Keys for a pre-existing wallet, they are not at risk – this particular exploit only affects new wallets created with the Doctored Software – which we’ll now call Vulnerable Wallets.
We’d like to stress that this is not a flaw in the blockchain or the wallet code used by our project, or by the many other projects with whom we share open-source code. This is not a direct source of any concern regarding most people’s held Bitcoin Gold, or Bitcoin, or Bitcoin Cash, or other cryptos. This is only a concern for new wallets created with this particular Doctored Installer; the Thief intentionally took actions to make these new wallets cryptographically insecure.
Another important note: although we found that the Doctored software appears not to have any other malicious modifications, we’re not saying this software is otherwise safe – it should still be treated as potentially dangerous in unexpected ways; it should be considered malware and deleted; users who downloaded it should scan or wipe their machines to be safe and should strongly consider rotating all their crypto-asset wallet contents if they hold large values or have any doubts. It’s always important when downloading important software to confirm the published SHA-256 hash to ensure that the file was free from tampering or file transfer errors. Many people in the crypto community would consider all of the above to be “basic safety.”
What We Did
At this point in the investigation, still in November, we realized that there were a small number of Vulnerable wallets already existing in the wild, more were showing up, and funds were accumulating in them on the blockchain.
The thief could watch for these wallet addresses to show up on the blockchain after later deposits… and then snatch the contents.
Having figured out the Thief’s scheme, we were also able to identify vulnerable wallets and snatch the contents.
So we did.
In early December, we Evacuated the Vulnerable funds so that the Thief could not steal them. The sums that we found in these wallets have been swept into a safe custodial wallet:
We’ll be happy to return these Evacuated funds to their rightful owners, in full, when they contact us and provide a safe wallet destination address. Validation of rightful ownership will be necessary, which will be handled on a case-by-case basis, but our goal is to return our users’ funds to them as quickly as possible.
The total sum of funds affected is relatively small (less than 80 BTG in fewer than 30 wallets.) We would like to return these funds expeditiously, but as we all know, wallets are pseudonymous – we know which wallets were Vulnerable, but we have no direct way to contact these people. We are working hard to respond quickly to these people as they reach out for assistance.
At this point, we’d appreciate the community’s assistance in finding these individuals, so that we can return their funds to them. The list of affected wallet addresses follows.
GadEpgad3RZsVUPHwjCGb9FtjtKGzRb5sG GaQSYNHY4Q2SwMZzDijZinNxAhLQEsssSi GcCZQcQpAk79CptpLeFv4qqtBGG7CcTVQm GcmMn69VcmvxMiejDKQj2QdZWTBjLhKYrt GcwmbqCB4qW41GpaZDaQ5o2ZRw1yYKpjr7 GeuKzeHAQj6vWPTejjuAHbmxkY5UtPtgi2 Gg52PSpgeyg4bFTXAbbYNqDSL1orvLnUbD GgkPYo3BHjSUkn1jk9GmQuw5RffijddofM GLa8GNp7koQRCY1NJJBQPrc342iFRMD7pW GLRr1J5iChrYqJ5CQedb2pVQhGrn5MEJ7r GNRiT5NKJv4b7d1izCTdkUrsNobWncHhog GPq2YvYYGbHB4iQio9gc1nHGE152Ee3iXb GQ67xcbvzz6gwE1XGmoscBVD7D4JmQBDdw GR3U9aBbGpbabQhZQM4A8mgA66ysfgayUc GTqxcgqkUJ7iiCVCQkms1DZ4qU5LXT7XDN GVwGdrvEu9hKqdnxpUKw4YVxzbkkGoWgsQ GWAh7w5SaPqvBEPvnrmJXcqR93cyLMFsiN GX4wntkpnSKE2WzztLy8zFr4Lffw42PmGW GXAvw7EfhhrQYBnGX39RtphWqP6edZewZh GXCeqB31yk7TvAXBnvukfYMn3pB1DxjhuL GXmwNeoQaDFcV9Hq7B6ihngTqsgN6YTV6c GYcnBB2nti5M7WhyE8QKYXxgZHpnmfHuyn GYkopFW15LiU9vcquWdhmbAjb7LsYCXjQ6 GYLoy3GGCDeebEfybBW1VYu5qpP6BN3kCm GYPU5kjhfFV7k15W3pD4m4esRwkjkvXJLX GZbNy3F7P7URg1oUfJ5QWbWR9WgMGDAWXq GZLaJ7y2Sasgo64GQthgYFJAxLpAHJowUp
About Our Response
This was apparently a long-term scheme on the part of this Thief since only newly created wallets would be Vulnerable, and new wallets are necessarily empty. Distribution of the Doctored Software only took place over a few days, and we have carefully monitored the creation and funding of Vulnerable wallets. The last such new and Vulnerable wallet we’ve seen showed up on the Blockchain in November; no new wallets have appeared during the first half of December. At this point, we think it’s unlikely that any new such wallets will appear in the future.
While we have not pinpointed the exact method by which our GitHub account initially become vulnerable, we have taken multiple steps to ensure that the files hosted there are currently safe and so that a similar situation in the future is extraordinarily unlikely. On top of that, we’ve put monitoring in place to alert us in the unlikely event that an official file changes or becomes corrupted, which will allow us to take prompt action.
Most of the community is aware that when this suspicious file was first reported, we promptly announced the potential risk to the community on our website and via direct emails. At the time we determined the purpose of the Doctored Software, multiple wallets were already on the blockchain and contained funds, and we felt that prematurely announcing our findings would just lead the thief to snatch the user’s funds. We hope that most people will agree that taking custody of the funds before the Thief stole them was the right decision, but we’re sure some people will disagree – as is their right. We would have shared these details earlier, but we wanted to wait until we could be fairly confident that no more new Vulnerable wallets were appearing on the blockchain. We tried to do everything in our power to act in the interest of the Thief’s victims and secure their funds so that they could be returned. Since no new vulnerable wallets have appeared for over two weeks now, we felt it was time to report all we know. Our objective is to get the funds back to their rightful owners.
A Summary and an Apology
We’d like to apologize to the community for this event. We’re sorry our systems weren’t more secure; we’re sorry a malicious file was planted on our GitHub; we’re sorry it wasn’t noticed sooner; we’re sorry any of our community’s funds were ever at risk, and we’re sorry for the doubts and inconvenience that this led to in our community.
We’ve taken actions to address those vulnerabilities, to prevent this from happening again, and to protect the funds of the few affected users. We’ve also stepped up efforts to help our users remember to be safe when working with crypto-related software online, including reminders to check downloaded file hashes and to always be cautious with third-party services. We promise to continue to work hard to keep our community safe and informed.
We would like to thank everyone who assisted us behind the scenes (you know who you are), including the Github staff for their audit help. We’d also like to thank the Community for their patience as we continuously work hard to improve the organization’s operations. Bona fide security researchers and developers of wallet software are welcome to reach out to us for technical details.
Sincerely and humbly yours,
The Bitcoin Gold Organization