Internet Security Blog - Hackology
Hacking Blockchain

Bitcoin Gold still Offline and can Steal your Bitcoin

Beauty of decentralized blockchain is when a majority decides to part ways they can , but such arrangments give birth to unnecessary coins something we saw few month back in shape of “Bitcoin Cash”. This post will explain a serious issue with Bitcoin Gold and how it may eventually let your Bitcoins get into hands of unauthorized people

Bitcoin Gold (BTG) is Born

Just few hours ago Bitcoin Gold came into action the moment BTC reached at  Block 491407.

Why Bitcoin Gold was made ?

Bitcoin Gold publicly appeared on 26th July as an Idea , to make Bitcoin resilient to ASIC miners so that GPU based miners can be utilized and home miners can make something out of it , because currently big mining brands are taking all the cut (Bitmain ?) . All seemed good but with the following shortcoming

  1. No ASIC Resilient code was found in their Source which was suppose to go Live for Bitcoin Gold, no technically advance code structure as per their To-Do List
  2. Founders of Bitcoin Gold also owns a company which sells ASICs and mining gear, it might even be specialized for the exact methods BTG was going to use.
  3. As per their initial BTG intent, BTG was suppose to be ASIC resistant, but the resistance procedure is not described in any whitepaper, and is almost completely absent from the code. Note: BTG will use EquiHash which due to the memory heavy nature makes ASIC miner useless 
  4. A vast number BTG was pre-mined before the blockchain was even publicly released. BTG official website lied about this on their website.
  5. Bitcoin Gold Founder also had a bulk of scam website domains registered with his email [email protected], list of registered domains :
  6. Bitcoin Gold initially came as an ICO which flopped, nothing hides on internet: A screenshot of their earlier website shows how they ran ICO campaign on their website. 1 BTC = 10BTG (Scammer spotted?)
  7. EnviousArm, did a great post on Reddit about their elaborate scams

The Fork – Replay Attack

As the Bitcoin Gold fork came close Bitcoin gained value as everyone was hoping for free BTG , who doesnt like free money ? But the same free Bitcoin Gold can make you lose even your original Bitcoin.

A bitcoin “replay attack” issue would allow an attacker to steal users coins. While the coins wouldn’t necessarily go to the attacker’s wallet address, this vulnerability could empty user wallets on the alternate chain.

To explain how the attack works exactly, Let’s say you have 1 BTC prior to the BTG fork. Once the fork arrives, you would now have 1 BTC and 1 BTG. You go to spend 1 BTC and buy some Alt crypto from a safe and secure place. Next, you check your balance on the alternate chain, and are surprised to see that the coins are gone from that wallet as well and went to another bitcoin wallet. How did that happen? Why did the coins on the alternate chain disappear even though you only spent the original Bitcoins?

The reason is due to the replay attack. An attacker could pick up your broadcasted transaction on one chain, and relay it to a node on another chain. Since the transaction is valid on both chains, both nodes would accept it. Even though you didn’t mean to spend your other coins, a malicious attacker or even the receiver trying to sneak himself extra coins could make you spend them. However, that can happen only if you decide to spend your coins in the first place. If you never send a transaction nobody can magically remove coins from your wallet. Now here is the dangerous part. This attack works both ways too, you could spend BTG coins, and if a BTC node picks up the transaction those coins could be gone as well.

How Bitcoin Gold Replay Attack Effect You ?

Surprisingly at the time of writing this and even after the so called “launch” of Bitcoin Gold , the Replay Protection has NOT been implemented as you can read it here , although their Road-Map Document stated that they had Replay Protection

Lets go through a scenario where Bitcoin Gold Fork can attack you

  • You buy 2 BTC to get 2 free BTG at fork time.
  • People behind BTG project (we call them Scammers-X) impersonates a buyer at an exchange or other app and buy BTG for $1 or $2, doesn’t matter how much because the drama around this fork makes me wonder if it will be even worth anything
  • Scammers-X takes a copy of the transaction he just performed with you
  • Scammer-X sends the transaction in the same form onto the main chain
  • If you still have 2 BTC in your address, they are stolen. Scammer-X made 2 BTC (apart from the 1 or 2 USD he bought BTG for).

How to stay safe from Bitcoin Gold Replay Attacks

  • If you got your BTG,move your BTC to another wallet before doing any other transactions
  • Do not do transactions untill things are clear
  • Wait until Bitcoin Gold implements Replay Protection

Bitcoin Gold Code Issues and is it actually Live ?

Enough surprises for today ? well lets go for another one.

Bitcoing Gold team is still not able to compile their code, just open their GitHub and see the failing code notice. With around 82 failed TestNet preparation deployments for MainNet (MainNet is still not operational ?)

Does it mean that Bitcoin Gold is Actually not live as of yet ? and the only thing that happened is just a snapshot, saying like it is here we part ways but we will work after few days (that is if BTG work out all its issues)

Martin Kuvandzhiev, a contributor of BTG mentioned that main net will be live after the fork – implying that there is only hype about BTG as of yet nothing else.

6 Days ago BTG had no working Testnet they even allowed a 650 BTG bounty for someone who could help them in making a TestNet and MainNet.

Nothing is going live today. You will not be able to mine, send, receive or do anything else with Bitcoin Gold other than seeing them listed on some exchanges.


What do you think about Bitcoin Gold now ?


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Utopia p2p Ecosystem