This is what happens when you reveal your real life identity to the public, especially if you are well known bitcoin developer which means you own at least a few hundreds.
This incident has nothing to do with him being sloppy with the security of his coins, this was an organized attack just because they knew his whereabouts.
Maybe if you are reading this post and have millions of $ in bitcoin be more careful what you reveal about what you have and who you are.
Maybe Satoshi knew something all along, that's why he disappeared given if he actually still alive.
Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 13. (Read 12899 times)
the practice of security is easy
but alot of people with old timer coins enjoy the "proof of patience" of not moving coins periodically. its a trophy to hoard coins where the utxo is dated over 10+ years
im personally guilty of it, i imported wallets just to make sure that the data has not degreded or been edited to ensure i still had access to keys
the complacency is more about importing keys into wallets of hot (online) devices when you have no desire to move the coins, having keys presented to multiple systems even if your not moving coins. not wiping said devices after whatever you done
but alot of people with old timer coins enjoy the "proof of patience" of not moving coins periodically. its a trophy to hoard coins where the utxo is dated over 10+ years
im personally guilty of it, i imported wallets just to make sure that the data has not degreded or been edited to ensure i still had access to keys
the complacency is more about importing keys into wallets of hot (online) devices when you have no desire to move the coins, having keys presented to multiple systems even if your not moving coins. not wiping said devices after whatever you done
In the absence of a revocation cert for the allegedly compromised PGP key, my money's on his Twitter account being hacked and posting FUD. Does Twitter even still have a security team after Ol' Musky's latest round of firings?
I had same thought too but there are transaction hashes provided in tweets too, well they could be just random big transactions done by some other party, hope he gets them back. 
A simple cold wallet cannot be hacked, that is because you write your seed words with your own hands to a piece of paper in a room without cameras. The fact that these coins were available behind a password means there was a huge flaw. It is a shame this happened to someone who should have known better, but remember that is not Bitcoin's fault.
If you are going to hold that many coins, move them into a cold wallet. Its simple, write those words and don't tell anyone. Make another physical copy (with your own hands, no cameras or any electronic device) and store it in a different physical location, transfer the funds and delete your wallet. The truly paranoid learns to do this in an offline computer with a good OS running from optical media so that once you finish the wallet is gone and only the (written on paper by hand) seed words remain.
Remember that you can still do that today: Make a new wallet, write the words, transfer funds, delete. Practice with a few satoshis. You don't need to have those words electronically available behind a password, what for? Please learn from mistakes people.
If you are going to hold that many coins, move them into a cold wallet. Its simple, write those words and don't tell anyone. Make another physical copy (with your own hands, no cameras or any electronic device) and store it in a different physical location, transfer the funds and delete your wallet. The truly paranoid learns to do this in an offline computer with a good OS running from optical media so that once you finish the wallet is gone and only the (written on paper by hand) seed words remain.
Remember that you can still do that today: Make a new wallet, write the words, transfer funds, delete. Practice with a few satoshis. You don't need to have those words electronically available behind a password, what for? Please learn from mistakes people.
Not trying to joke around or anything. But could this be a 'lost my Monero in a boat accident' kind of 'hack'? I can not wrap my head around how this could have happened. Unless lukedashjr's way of storing his balance was mediocre.
-----
I bet you there are a lot of people who are Seniors in digital security and have devices with weaker security than mine or have weaker passwords than I do. There are things I sometimes preach that I do not do. Do not know why if you ask me.
-
Regards,
PrivacyG
-----
Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.
You see. I think it is wrong to tie some body's domain to how much knowledge they have about a particular subject or to how good their behavior is. May be a smart guy, but this does not stop him from being silly for once and trusting not storing his Bitcoin in Cold Storage.I bet you there are a lot of people who are Seniors in digital security and have devices with weaker security than mine or have weaker passwords than I do. There are things I sometimes preach that I do not do. Do not know why if you ask me.
I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.
Maybe. Sounds plausible, actually. Who knows.-
Regards,
PrivacyG
It appears more than $3 million in bitcoin was stolen. This is very sad to see and I reckon some people should not make fun of this similar to those imbeciles who are replying in this thread in Twitter.
This year has started terribly for him, to loose $3 million at the beginning of the year where there are many expenses to bother you already is a very sad story. This story only is a reminder that anyone can be hacked if they let their guard down. Anyone can be target regardless of how well you know about bitcoins or not, if you don't practice safe security measures and you let your guard down even for a day, It can put your bitcoins in danger of being stolen. I sincerely hope he finds out how he was hacked to prevent it from happening in the future.
i would say even i got complacent...
thinking back i probably also have my keys at some point touching atleast three PC's i own (not this one i use for forum/lifestyle internet use. im not that dumb)
and i havnt moved the coins in over a decade. so i probably will be moving my stash to fresh keys (when i can be bothered) where the new private keys have not touched a online pc
i kinda dont feel its complacency. it was more of a trophy to not want/need to touch/move coins in years. but from this saga, i can see it from an outsiders prospective of being like complacency
so i agree it might kick some people up the ass to motivate them passed the 'trophy hoard' mindset (appeal of not moving=its own proof of patience. (that my excuse anyways))
thinking back i probably also have my keys at some point touching atleast three PC's i own (not this one i use for forum/lifestyle internet use. im not that dumb)
and i havnt moved the coins in over a decade. so i probably will be moving my stash to fresh keys (when i can be bothered) where the new private keys have not touched a online pc
i kinda dont feel its complacency. it was more of a trophy to not want/need to touch/move coins in years. but from this saga, i can see it from an outsiders prospective of being like complacency
so i agree it might kick some people up the ass to motivate them passed the 'trophy hoard' mindset (appeal of not moving=its own proof of patience. (that my excuse anyways))
Looks like some of it is coinjoined to 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa
Source https://mobile.twitter.com/LukeDashjr/status/1609621375349555204
432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930
c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190
4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851
50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6
Source https://mobile.twitter.com/LukeDashjr/status/1609657854113218560
The transaction weren't conjoined. If there were a conjoin he wouldn't possibly be traced to a final address.
He might mean that PART of the input in those transactions are his original UTXO?
1YAR.. is not an address under his control, so the heuristic claiming all the funds are from this hack has to be proven.
For sure, he is not adding clarity to this story.
A question arose on the point of security and how secure can we keep our keys and Bitcoins safe, if it's not even safe at our home. If a core dev like Luke can lose his btc stored since a long time, then anybody here will panic and will try to find the best possible way to store their coins so not to become a victim of such a consequence.
I don't understand why anyone would panic and feel insecure at this moment, because no one hacked Bitcoin, but one man obviously made a wrong step somewhere and now he paid the price for it. The fact is that such a thing shouldn't have happened to a person like him, but it shouldn't have happened to the computer scientist whose HDD ended up in the trash, or to the engineer who forgot the device password and now only has a few attempts before the device resets.
People have always been and will remain the weakest link in any setup, no matter how secure it may seem at some point.
like myself. i have hoards from earlier years. that have not been moved. so due to lack of multisig in early years it wouldnt have been put on multisig when first received. and (even i havnt) bothered to move coins from old stash
As I said, this story will have te positive fallout of making us reconsider why we "didn't bother" to do something.
Not stating that multisig is the right choice, but the "didn't bother to..." is the wrong one.
Every action, or every non action, means there is a need of an assessment of risks.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
like myself. i have hoards from earlier years. that have not been moved. so due to lack of multisig in early years it wouldnt have been put on multisig when first received. and (even i havnt) bothered to move coins from old stash
if using multisig when its just you using all the keys. multisig ais a little pointles because you have to bring the keys together into one computer to compute address and also to make spends. thus pointless using becasue the keys would be just as compromised
multisog is only useful for multiple parties to sign separately in separate locations and then only need to append signature to a raw tx
...
coins were not on a hardware wallet. as that also requires moving coins from old addresses
he said he had alot of old legacy keypairs, some on a hot wallet and some backed up in physical form(paper wallet, usb stick) stored in a physical house-safe
he said he doesnt have a hardware wallet or airgapped pc.
A question arose on the point of security and how secure can we keep our keys and Bitcoins safe, if it's not even safe at our home. If a core dev like Luke can lose his btc stored since a long time, then anybody here will panic and will try to find the best possible way to store their coins so not to become a victim of such a consequence.
I'm feeling extremely sad on Luke's part but as we have never held 200 btc (most of us) till date, I don't think we are capable of knowing how he must be thinking atm.
I'm feeling extremely sad on Luke's part but as we have never held 200 btc (most of us) till date, I don't think we are capable of knowing how he must be thinking atm.
Well this is a bad story.
200 BTC are huge money for most of us, but Luke Himself said it' a "large" part, not "all" of his Bitcoins.
Two consequences:
1.A lot of bad FUD will come out of this story. "if even an OG bitcoin- core developer" cannot take his Bitcoin safe, who on Earth will be able to do so?"
2.Many of us will review practices to become more responsible managing satoshi. A long overdue review of all the processes involving UTXO manipulation will be carried out by most of us, following this new. And this is a good thing.
200 BTC are huge money for most of us, but Luke Himself said it' a "large" part, not "all" of his Bitcoins.
Two consequences:
1.A lot of bad FUD will come out of this story. "if even an OG bitcoin- core developer" cannot take his Bitcoin safe, who on Earth will be able to do so?"
2.Many of us will review practices to become more responsible managing satoshi. A long overdue review of all the processes involving UTXO manipulation will be carried out by most of us, following this new. And this is a good thing.
Considering this is a Bitcoin developer we are dealing with, they are going to take this matter very seriously. It's not like he's going to get stonewalled by endless layers of customer support bots & human reps like us ordinary plebs do...
I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.
I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.
lol you are right though, the only reason Luke is getting so much assistance and help (which I am happy about) is because he is a high profile individual. I've seen countless threads online where similar things have happened albeit with much less BTC and it is not taken seriously.
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
Thanks for the tip. Will definitely look into it.
Let's assume Luke is being truthful and did get hacked. How hard is it going to be for the hacker to turn those BTC into cash? I saw a tweet where CZ said if they are moved to Binance they will be frozen. I'm assuming other major crypto reserves will do the same since an online footprint has been left behind?
Considering this is a Bitcoin developer we are dealing with, they are going to take this matter very seriously. It's not like he's going to get stonewalled by endless layers of customer support bots & human reps like us ordinary plebs do...
I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
Thanks for the tip. Will definitely look into it.
Let's assume Luke is being truthful and did get hacked. How hard is it going to be for the hacker to turn those BTC into cash? I saw a tweet where CZ said if they are moved to Binance they will be frozen. I'm assuming other major crypto reserves will do the same since an online footprint has been left behind?
He should track and contact the exchanges asking them to freeze the funds incase the hacker tries to deposit in any of the top ones to convert the coins into stables.
That is good. CZ from Binance has already replied to his tweet:
Anyway, if it were a prank, why would anyone hack his Twitter account, and post a BTC address containing 200+ BTC received recently with no transactions ever sent?
Speaking of CZ now this incident support his claim about self-custody being more risky. The follow up article after the initial report on the hack talks about the reaction of the community with regards to the incident of hacking. And now the reaction is negative because the issue of self-custody is being highlighted and many worry that even the core developer who should be knowledgeable on security has been hacked, what more their grandma's wallet.
Quote
Other community members echoed the sentiment and highlighted that if it could happen to Dashjr, there would be “no nope” for their grandma. A Twitter user also brought mass adoption to the conversation. They believe that if a top Bitcoin developer cannot keep his wallet secure, mass adoption is a “pipe dream.”
Other assumption thinks that the incident of is just a boating incident to avoid paying taxes[1].
Quote
Meanwhile, a few others appear to suggest it may not have been a hack at all, suggesting that someone had stumbled across the seed phrase somehow, or it was part of an unfortunate “boating accident” ahead of tax season.
A boating accident in this context is in reference to a running joke and meme originally used by gun enthusiasts, but since repurposed by the crypto community about people trying to avoid paying taxes by claiming they lost all their BTC in a “tragic boating accident.
A boating accident in this context is in reference to a running joke and meme originally used by gun enthusiasts, but since repurposed by the crypto community about people trying to avoid paying taxes by claiming they lost all their BTC in a “tragic boating accident.
[1] https://cointelegraph.com/news/bitcoin-core-developer-claims-to-have-lost-200-btc-in-hack
Get a hardware wallet. Or a SeedSigner device.
...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.
If you're adding a secondary cold storage:
* you're doing it wrong
* you've misunderstood something and need to read more
However, this is off topic, if you have more questions please make a new topic with them.
...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.
If you're adding a secondary cold storage:
* you're doing it wrong
* you've misunderstood something and need to read more
However, this is off topic, if you have more questions please make a new topic with them.
The QR code idea is genius. No need to be connected to the internet and therefore much more secure.
I'll be binge reading a lot of articles and information in the next few days.
Thanks.
What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup.Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
That is good. CZ from Binance has already replied to his tweet:
This is not good at all.We don't want Binance freezing coins all the time, and we already know that CZ would love to control Bitcoin blockchain and reverse transactions whenever he wants.
Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...
To me, this story is incredible, that a man who should understand all the risks and secure his funds better than most is hacked in this way? If by any chance it was an online/hot wallet, everything would still make sense, but a cold wallet should be immune to all online attacks, even though @ETFbitcoin mentions a possible way to compromise such storage.
It would be nice if everything was actually a consequence of Twitter's still poor security and that someone was playing a little with hacked profiles...
Jump to: