Hackers launch 'Double-Spend' attack on Bitcoin Gold to steal over $18 million

Bitcoin Gold Cryptocurrency’s infrastructure suffered several “double spend” attacks that saw hackers steal about $18 million worth of BTG coins. According to a post on the Bitcoin Gold forums, the attacks began on Friday (May 18) in which hackers took control of more than half of the Bitcoin Gold’s network hashrate in a 51% attack.

This gives the miner temporary control of the blockchain to mess with transactions in multiple ways, including the ability to spend the same amount of coins twice. After taking control of the network, the attacker can deposit large amounts of BTG at cryptocurrency exchange and attempt to send those coins to a wallet under their control as well.

Bitcoin Gold is currently ranked as the world’s 26th largest cryptocurrency with an estimated market cap of about $827 million.

"An unknown party with access to very large amounts of hashpower is trying to use "51 percent attacks" to perform "double spend" attacks to steal money from exchanges," the Bitcoin Gold team said. "We have been advising all exchanges to increase confirmations and carefully review large deposits. There is no risk to typical users or to existing funds being held."

Bitcoin Gold said the attacker has been using the 51% and double-spend attack against other cryptocurrency exchange services as well. It also noted that ordinary users, their funds and trades with known partners aren’t at risk in such an attack.

“The only real danger is to anyone who unknowingly trades directly with the attackers for very large sums on an automated system. In other words, Exchanges,” Bitcoin Gold said. “While this problem isn’t unique to Bitcoin Gold and doesn’t represent a flaw, we consider our Exchanges to be critical partners in our Ecosystem, so in a theoretical sense, attacks on Exchanges are attacks on us all.”

So far, a number of exchanges have increased the number of confirmations required to accept large transactions. Still, by the time Bitcoin Gold Network has advised all exchanges to confirm recent BTG transactions and carefully review larger deposits, the attacker will have already stolen a significant amount of funds.

So far, the wallet address connected to the Bitcoin Gold 51% attack has received 388,201 BTG, approximately $17.5 million - most of which have already been moved to other addresses.

Even though the attacker cannot manipulate cryptocurrency from other users’ wallets, or revert other people’s transactions to his own wallet, the attack is still dangerous because it may destabilize an exchange’s backup funds and preventing other users from withdrawing funds from the exchange. It may also lead to an individual exchange going bankrupt.

Bitcoin Gold said it is planning a major upgrade towards the end of June and change their Proof of Work algorithm so BTG cannot be mined on upcoming ASIC hardware. The team says the algorithm change and a new form will help reduce the risk of 51% attacks in the future.

“We’ve been working at an incredible pace the past days to put the plan and pieces together, and we expect to upgrade our mainnet approximately seven days after the necessary software is up and running on our testnet,” they noted. This upgrade will require some software updates on the part of Exchanges, Wallets, Pools, Explorers… While it would be better to give all our partners more than seven days to test and deploy to avoid disruption, these attacks have already forced disruption on us all, so we feel it’s best to get the upgrade completed as soon as we possibly can.

“The Community considers these attacks on Exchanges to be attacks on us all, but we and our Community are resilient and remain dedicated to decentralized solutions,” they added. “We know that many are looking to us to lead the way, and it’s our intention to serve as an example to other projects in the community that are dealing with these sorts of malicious attacks from centralized mining power. In the end, decentralization is the answer.”