A third-party wallet once promoted on the Bitcoin Gold (BTG) website has been identified as a scam after users were tricked into uploading their private keys and subsequently lost millions in cryptocurrency. The fraudulent service, known as mybtgwallet, was later removed by the BTG team after the scheme came to light, but not before substantial damage had already been done. According to the report, the total losses tied to the incident have now been calculated at roughly $3.3 million.
A scam hidden behind an official-looking recommendation
The fake wallet reportedly presented itself as a tool for users to claim their Bitcoin Gold after the fork. To do so, victims were encouraged to submit their private keys, a step that should immediately raise alarm for experienced users but may not have seemed suspicious to less technical holders. The critical issue is that the wallet link had appeared on the official Bitcoin Gold website, giving it a level of trust that ordinary users could easily mistake for verification or endorsement.
The article notes that the BTG team had also shared links to the wallet on social media and had reassured users that it was safe to use. That apparent endorsement became a major factor in the scale of the losses. Once the scam was exposed, the wallet page was removed, although archived versions of the website remained accessible and showed how the scheme had been presented.
Breakdown of the stolen assets
The funds taken through the operation included approximately $3 million in bitcoin, $107,000 in bitcoin gold, $72,000 in litecoin, and $30,000 in ether. Altogether, the amount reached an estimated $3.3 million, making the case one of the more damaging wallet-related incidents associated with a fork-era claim process.
According to the report, the pseudonymous developer behind the wallet went to considerable lengths to make the service appear legitimate. The wallet was described as open source, which would normally suggest transparency. However, the code on Github was later updated in a way that caused users’ private keys to be transmitted directly to the scam operator. That mechanism turned the wallet from a seemingly useful fork-claim tool into a direct exfiltration channel for user credentials and funds.
Questions over due diligence by project teams
The scale of the theft has intensified scrutiny of the Bitcoin Gold team and, more broadly, of how cryptocurrency projects handle third-party wallet recommendations. The report argues that average users generally do not have the technical ability to inspect code for malicious behavior. Developers and project teams, however, are often in a better position to evaluate whether software is safe before placing it in front of the public.
This has led to a wider question: if a project promotes an external wallet on its official website, should it be expected to audit or at least thoroughly review the code first? In decentralized ecosystems, project teams often avoid making guarantees about third-party tools. But when a link appears on an official channel, many users naturally interpret that visibility as a sign of trustworthiness. The Bitcoin Gold incident illustrates the danger of that assumption when proper verification is absent or incomplete.
The article also points to another high-profile case from the same period. A wallet called Coinpouch, promoted on the Verge website, was reported to have been involved in the theft of about $7 million worth of Verge coins. Taken together, these cases suggest a recurring risk in crypto ecosystems: users often rely on project websites for guidance, while project teams may not always have robust processes in place for validating external software.
BTG team response
A team member had previously said that preliminary investigations indicated that at least some of the theft claims linked to mybtgwallet were credible. Later, the Bitcoin Gold team released a statement saying it was working with security experts to investigate the issue further and would continue cooperating in an effort to determine exactly what happened.
That response acknowledged the seriousness of the incident, but critics argued the team had been too slow to act after early warnings emerged. In fast-moving crypto markets, delays in removing unsafe links or issuing urgent warnings can dramatically increase losses, especially when users are rushing to claim forked assets.
The broader fork-era dilemma for users
The story also reflects a wider pattern seen during the wave of bitcoin forks. Holders who control their own keys often face a difficult decision when a new fork launches: attempt to claim the new coin and accept the operational risks, ignore the claim entirely, or move funds to an exchange that supports the fork and distributes the new asset on the user’s behalf. None of those options is risk-free.
Claiming forked coins through unfamiliar tools can expose users to malware, phishing, or credential theft. Relying on centralized exchanges may reduce some technical risks but introduces counterparty and custody risks. The fake Bitcoin Gold wallet case became a stark example of how quickly the promise of “free coins” can turn into a costly loss when users are asked to reveal highly sensitive information.
Market reaction and security lesson
Despite the negative attention surrounding the wallet incident, the report says the price of Bitcoin Gold rose sharply that week alongside other fork-related assets, including Bitcoin Cash. That divergence between market performance and ecosystem safety concerns is not unusual in crypto, where speculative trading can continue even as infrastructure risks become more visible.
The most important lesson from the incident remains straightforward: private keys should never be uploaded to a third-party website. Even if a wallet appears on an official project page, users should treat any request for private keys with extreme caution. In cryptocurrency, control of the key is control of the funds, and once that information is handed over, recovery is often impossible.
The mybtgwallet case therefore stands as both a security failure and a governance warning. It shows how much damage can follow when trust signals, technical complexity, and inadequate verification collide. For developers, it is a reminder that promoting external tools carries responsibility. For users, it is a renewed warning that convenience and endorsement should never replace basic key safety.

