Edward Iskra, Bitcoin Gold director of communications first admonished clients about the attack on May 18, reporting that an evil-minded miner was using the exploit to steal means from cryptocurrency exchanges.The miner bought at least 51 percent of the network’s total hashpower, which provided them with temporary control of the blockchain. Gaining this much hashpower is extremely expensive — even on a smaller network like bitcoin gold — but it may be monetized in tandem with a double spend attack.
The attacker, after getting the control of the network, started depositing BTG at crypto exchanges while also intending to send those same coins to a wallet under their control. Generally, the blockchain would resolve this by including only the first transaction in the block, but the attacker managed to reverse transactions as they had majority control of the network.
As a result, they were able to invest funds on exchanges and withdraw them again soon, after which they repealed the initial transaction. This way they could send the coins they had primarily deposited to another wallet.
An address of bitcoin gold connected with the attack has got more than 388,200 BTG since May 16 (basically from transactions it sent to itself). All of those transactions were associated with the double spend exploit, the attacker could have stolen as much as $18.6 million worth of funds from exchanges. The last transaction was sent on May 18, but the attacker could resume it if they still have access to enough hashpower to reach the control of the blockchain.
Bitcoin gold’s developers recommended exchanges to resist the attack by reaching the number of confirmations acquired before they lended deposits to client accounts. Blockchain data displays that the attacker reversed transactions as far back as 22 blocks, allowing developers to advise raising confirmation requirements to 50 blocks.