A hacker, whose identity has not been recognized, has tried to carry out a couple of “double spend” attacks on the popular digital currency platform Bitcoin Gold, the company revealed in a statement. Over $18 million worth of Bitcoin Gold coins are missing so far.
The criminal has used a lot of different servers in order to have under his control more than half of the fintech company’s hashrate. To put it simply, he has managed to perform a “51% attack”.
Having hacked the system, he was able to change some particular details of blockchain transactions. Thus, he got everything needed for the second attack, known as “double spend”, which provided him with the opportunity to spend the same amount of virtual coins twice.
"The cost of mounting an ongoing attack is high. Because the cost is high, the attacker can only profit if they can quickly get something of high value from a fake deposit," the Bitcoin Gold team explained.
"A party like an Exchange may accept large deposits automatically, allow the user to trade into a different coin quickly, and then withdraw automatically. This is why they are targeting Exchanges."
Actually, the attacker has been working according to one scheme for the last several days. He has been storing BTG digital currency in very large amounts at exchanges and at the same time sending these coins to his e-currency wallet.
It’s interesting to notice, that so far the hacker has been stealing funds only from exchanges, but not users. Moreover, he had also managed to withdraw all the money before the exchanges realized the transaction was invalid.
The Bitcoin Gold team reports that the attacks have begun approximately on Friday, May 18. Since that time, more than 388,000 trade coins have been lost in the hack, that means the hacker has gained more than $18 million.
Despite the fact, that no user has cryptocurrency gone, such attacks pose a great danger as they may lead to the destabilization of backup funds belonging to an exchange or to its insolvency. Thus, an exchange can go bankrupt, having no ability to give the money back to users who still keep them with the company.