Another week, another security issue for SegWit Gold (SWG).
On Sunday, the SWG team warned users who downloaded their wallet for Windows between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are “at risk of a malware infection.” The warning stemmed from reports that an unknown party has gained access to the SWG project’s GIthub repository and replaced the official Windows wallet download with a different file.
Two suspicious files of unknown origins have been linked to the project’s download page and Github release page file downloads for “approximately 4.5 days,” according to the SWG statement. The team also warned users not to presume that the files are safe, even though they do not trigger antivirus or anti-malware software.
“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.
The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.
The website, called MyBTGWallet, was described as an early wallet version where users can check their SWG balance and, in the future, use to transact with their SegWit Gold. Investors, however, reported that they have lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC from submitting private keys to the web wallet.
The team behind SWG reassured users that the Github repository has already been secured, even as the stream of cyber security issues has yet to show any signs of letting up.
“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.