An unidentified hacker has mounted several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and has managed to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process.
According to a post on the Bitcoin Gold forums, the attacks have started taking place since last Friday, May 18.
The attacker has been deploying a large number of servers to take control of more than half of the Bitcoin Gold's network hashrate in what's known as a "51% attack."
This grants the attacker the ability to modify details of blockchain transactions, an ability he's been using in the last few days to perform a second attack called "double spend," which as the name implies, allows him to spend the same amount of coins twice.
According to the Bitcoin Gold team, this attacker has been using this combination of a 51% and double-spend attack to defraud cryptocurrency exchange services.
"The cost of mounting an ongoing attack is high. Because the cost is high, the attacker can only profit if they can quickly get something of high value from a fake deposit," the Bitcoin Gold team explained. "A party like an Exchange may accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically. This is why they are targeting Exchanges."
For the last few days, the attacker has been doing just this. He's been depositing large amounts of BTG coins at exchanges, but also sending the same funds to his own wallet.
By the time exchanges realize the blockchain has been tampered with and that the transaction is invalid, the hacker has already withdrawn funds from the exchange and doubled his original funds.
To counteract attacks, exchanges have been raising the threshold needed to confirm a BTG transaction in the past few days, but the hacker has continued to deploy more and more mining power to take over more than half of the Bitcoin Gold network and carry out the double-spend attack anyway.
The Bitcoin Gold team says it tracked the funds stolen from exchanges to a BTG address located at GTNjvCGssb2rbLnDV1xxsHmunQdvXnY2Ft.
More than 388,000 BTG coins have passed through this account, suggesting the hacker has made over $18 million from his attacks.
To be clear, the hacker hasn't been stealing money from users, but from the exchanges. While no user has lost money, the attacks are still dangerous because they might destabilize an exchange's backup funds, or may lead to its insolvency, which in turn may prevent users from withdrawing funds.
Users may not be losing money right now, but if the attacks continue, some exchanges may go bankrupt and won't be able to refund users still keeping funds with the exchange.
According to one of the exchange portals who collaborated with the Bitcoin Gold team to get to the bottom of these attacks, they also believe the person/group behind this past week's events has also attempted the same attack on the original Bitcoin network in the past.
Bitcoin Gold is a very popular cryptocurrency created by forking the original Bitcoin currency in November 2017, currently ranked #27 based on total market cap.
UPDATE: The Bitcoin Gold team has published an official response, promising network updates.