Bitcoin GOLD announces impersonation of files on GitHub

The Bitcoin Gold developers detected that about 36 hours ago, a link to our download page and file downloads on our Github launch page has been serving a suspicious file of unknown origin.

Until proven otherwise, all users should assume that this file was created with malicious intent: stealing cryptocurrencies and/or user information. The file does not activate antivirus/antimalware software but does not presume that the file is safe.

Anyone who downloaded the Windows Wallet file between November 24, 2017, 1:11 PM, UTC and November 25, 2017, 10:30 PM, UTC must not use the file in any way. If the file was used, the computer on which it was used should be approached with extreme caution; the file must be removed, the machine must be thoroughly checked for malware and viruses (or deleted) and any cryptocurrency with wallet accessible on that machine must be moved to the new wallet address immediately.

The links on your download page point to the Github repository for the project. This is a standard practice to associate the source code with the compiled files. An unknown party gained access to the Github repository and replaced the compiled Windows file with a different one. Until the file can be analyzed closely, we do not know what the attempt was. We know that the file does not immediately activate antivirus/trojan warnings. The Linux file was not changed.

The Github repo has been insured and we do not believe that a second attempt is possible. The suspect file has already been replaced by a known secure file whose checksum matches. Our team is conducting a security audit to ensure the security of all other systems, and we will try to determine the purpose of the file.

The source code was not modified. Any user who has downloaded the source code to compile it should not be affected, but best practices suggest that they make sure that their local repository matches the current Github repository and that extreme caution is exercised.

Any user who verified the SHA-256 checksum of the download against the checksum included in our download pages is already aware that the file is not authentic and should not have used the file, but no one should assume that all users take this important step.

UPDATE: Sunday, November 26, 2017, 17:00, UTC – as corrected above, the recall window for the Windows Installer File has been expanded. Two different suspicious files were uploaded to the Github over the course of several days, one after the other. Neither file matched the publicly posted SHA-256 checksum. All users who worked with the suspicious files are advised to take the safest possible course of action or to engage knowledgeable professionals to assist them. The text below is unchanged, but we will be investigating both of these suspicious files fully.

Project Github Repository:
https://github.com/BTCGPU/BTCGPU/releases/tag/0.15.0.1

Project Download Page:
https://bitcoingold.org/downloads/

Windows file Download SHA-256: 53e01dd7366e87fb920645b29541f8487f6f9eec233cbb43032c60c0398fc9fa bitcoingold-0.15.0-win64-setup.exe

Linux file Download SHA-256 Hash:
SHA-256: 25d7bf0deb125ecf5b50925a1c58e98c4b0b0a524470379c952f6b9310e97cfe bitcoingold-0.15.0-x86_64-pc-linux-gnu.zip

Jose Felip

Jose Felip

The difficult thing is not to learn, the difficult thing is to know how to teach. Editor and coordinator of the free book "La era de las BLOCK punto COM" CEO of bitcoiner.today