The SegWit Gold (SWG) project is hounded by yet another controversy.
This time, users are reporting that they have lost more than $3.3 million in an elaborate scam parading as an online web wallet for SWG tokens. Called MyBTGWallet, the website was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold—until it was revealed that the site had been leaking user funds.
According to a CoinDesk report, $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC were lost from submitting private keys to MyBTGWallet.
An Internet Archive snapshot showed that the website prompted users to send their private keys or recovery seeds to import SWG from BTC seed, noting that the tool works “with BIP44/BIP39, so it’s compatible with wallets like Jaxx, Mycelium, or Copay.” Users, however, found that their cryptocurrency holdings were sent to a different address.
Reddit user Uejji analyzed the site’s code and found that it stored the recovery keys and sent it to the site’s owner, a developer named John Dass who described himself as “an enthusiasm developer of Open Source Website Proyects and really interested in the Blockchain Technology.”
“So, to summarize, every time someone entered their mnemonic seed into MyBTGWallet.com, their mnemonic was Base64 encoded, stored on the website cookie and then transmitted to Google, where the scammer was free to decode it and have full access to that person’s private keys derived from that seed,” Uejji wrote.
You’ve been warned
MyBTGWallet is the latest addition in the long list of SWG scams that have been taking advantage of many guileless cryptocurrency enthusiasts. Making matters worse is that the team behind SWG promoted the site on their Twitter account, telling users that MyBTGWallet was “safe and work.”
SWG proponents even embedded the tool on their website, only to withdraw their recommendations following the loss of funds, which reportedly happened between Nov. 13 and 14. The SWG team also asked users to report their losses, promising to investigate the incident.
“We have voluntarily been looking into issues around a particular third-party provider previously listed on our site. Preliminary investigations indicated that at least some of the claims of theft by the mybtgwallet site are reliable. Like all third-party sites, that site was not in our control, but we immediately removed it from our pages,” the group said in a statement.