CRITICAL WARNING
Please be aware that for approximately 36 hours, a link on our Download page and the file downloads on our Github release page have been serving a suspicious file of unknown origin.
Until we know otherwise, all users should presume this file was created with malicious intent – to steal cryptocurrencies and/or user information. The file does not trigger antivirus / anti-malware software, but do not presume the file is safe.
Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step.
Anyone who downloaded the Windows Wallet file between November 24, 2017, 13:11, UTC and November 25, 2017, 22:30, UTC should not use the file in any way. If the file was used, the computer on which it was used should be addressed with extreme caution; the file should be deleted, the machine should be thoroughly checked for malware and viruses (or wiped clean), and any cryptocurrencies with wallets accessible on that machine should be moved to new wallet addresses immediately.
The currently posted files are safe, but users should always confirm their downloaded files via SHA-256 checksum.
Project Github Repository:
https:// github.com/BTCGPU/BTCGPU/releases/tag/0.15.0.1
Project Download Page:
https:// bitcoingold.org/downloads/
Windows file Download SHA-256: 53e01dd7366e87fb920645b29541f8487f6f9eec233cbb43032c60c0398fc9fa bitcoingold-0.15.0-win64-setup.exe
Linux file Download SHA-256 Hash:
SHA-256: 25d7bf0deb125ecf5b50925a1c58e98c4b0b0a524470379c952f6b9310e97cfe bitcoingold-0.15.0-x86_64-pc-linux-gnu.zip
Additional Details
The links on our Download page point to the Github repository for the project. This is standard practice to associate the source code with the compiled files.
An unknown party gained access to the Github repository and replaced the compiled Windows file with a different one. Until the file can be closely analyzed, we do not know what the intent was. We know that the file does not immediately trigger antivirus/trojan warnings. The Linux file was not changed.
The Github repo has been secured and we do not believe a second attempt is possible. The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file.
The source code was unchanged. Any user who downloaded the source code to compile it themselves should be unaffected, but best practice suggests that they ensure their local repository matches the current Github repo and exercise extreme caution.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://bitcoingold.org/critical-warning-nov-26/
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit