Pages:
Author

Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 14. (Read 12927 times)

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?

Get a hardware wallet. Or a SeedSigner device.
...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.

If you're adding a secondary cold storage:
* you're doing it wrong
* you've misunderstood something and need to read more

However, this is off topic, if you have more questions please make a new topic with them.
full member
Activity: 140
Merit: 106
--snip--
How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.


What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
copper member
Activity: 1330
Merit: 899
🖤😏
Well, that's just great, new year starting with this story for bitcoin, mixers are always involved in theft related to btc, they are going to mix and get away with it. Feeling sad for the guy.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.

Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...

While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
--snip--
How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.

Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.
This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin.

1. It won't be end of Bitcoin if Bitcoin switch to quantum-resistant cryptography.
2. Bitcoin don't use encryption protocol, but digital signature and hash cryptography.
legendary
Activity: 2898
Merit: 1823
It appears more than $3 million in bitcoin was stolen. This is very sad to see and I reckon some people should not make fun of this similar to those imbeciles who are replying in this thread in Twitter.



PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please.

Source https://mobile.twitter.com/lukedashjr/status/1609613748364509184

Looks like some of it is coinjoined to 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa

Source https://mobile.twitter.com/LukeDashjr/status/1609621375349555204

432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190

4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851

50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6


Source https://mobile.twitter.com/LukeDashjr/status/1609657854113218560


That's a coordinated/targeted-attack, and probably his way of securing the keys were not very good enough. I believe we should learn from this, and start using different paths/strategies to secure our keys. If you have your whole savings in Bitcoin it's probably better to use different wallets and secure them differently to confuse the attacker. Use - Hardware Wallets, Encrypted Wallets, and other wallets written down and secured through lock/key vaults.
legendary
Activity: 4424
Merit: 4794
speculated scenarios based on limited stuff said:

"email notifications from kraken/coinbase"
maybe the hacker got to the coins he had on an exchange

or

he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice))
and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"

both seem more plauible than a burglar entering his house.. again she would notice and not be questioning the how if his house was compromised
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
Peter Todd claims it's real: https://twitter.com/peterktodd/status/1609655629903265795, as does midnightmagic: https://twitter.com/midmagic/status/1609734368599347202

I've also heard from a couple of other secondhand sources that this is real, but I have not checked with luke myself.
Maybe so, but I trust crypto, not secondhand sources. Wake me up when the PGP key's revoked.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
A Reddit user calling himself SatStandart suggested that Dashjr not separate different activities
https://www.reddit.com/r/CryptoCurrency/comments/100tn95/bitcoin_core_dev_gets_more_than_200_btc_stolen/
Quote
He has a hot wallet on the same computer he does everything else. It seemed that he was completely complacent

Dashjr also informed users in his latest Twitter thread that he only became aware of the recent hack after getting emails from Coinbase and Kraken about login attempts.

If someone like that is not using multi-sig or a hardware wallet then they are asking for trouble.

Hate to say it, but he is a big freaking target for hacks, not even to get to his BTC but to get access to what else he has access to in terms of development and coding and private discussions with others. Getting what he had in his hot wallet on his workstation is probably a bonus. As he posted his implementation of Knots may have been compromised. That could have been a much bigger target.

-Dave
legendary
Activity: 2744
Merit: 1878
Rollbit.com | #1 Solana Casino
He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"
precisely on November 17, 2022 he said in his tweet that an unknown person accessed his server and a full analysis is underway.
https://twitter.com/LukeDashjr/status/1593227756841578496

But whether he continued to trace it or not, perhaps he assumed that the attack was just an ordinary attack. But in fact it currently has an impact on hacking the PGP Key it has.

A Reddit user calling himself SatStandart suggested that Dashjr not separate different activities
https://www.reddit.com/r/CryptoCurrency/comments/100tn95/bitcoin_core_dev_gets_more_than_200_btc_stolen/
Quote
He has a hot wallet on the same computer he does everything else. It seemed that he was completely complacent

Dashjr also informed users in his latest Twitter thread that he only became aware of the recent hack after getting emails from Coinbase and Kraken about login attempts.

CZ as The CEO of Binance also expressed his concern via Twitter at the hacking incident experienced by Luke Dashjr.
https://twitter.com/cz_binance/status/1609663902610034691
Quote
Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide.

LukeDashjr, as the core developer of Bitcoin Core, can be hacked, especially for those of us who are nobody, of course it's easier to hack. But this is also due to weak security levels and needing updates and not being careless and taking every attack seriously.

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"

Here is the tweet about it: https://mobile.twitter.com/LukeDashjr/status/1593227756841578496

I am actually thinking the other way, that something else on his network was compromised and that allowed access to his server.
But if they also got private keys in cold storage then it could also be a physical attack that he was not aware of or something else.

He said that the attack on his serves was targeted to them.

Very strange. But, not out of the realm of possibility.

-Dave
legendary
Activity: 3808
Merit: 1723
He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked. thus he had a hot wallet and pgp key store on his server that was hacked

Yes this seems like the most possible explaination but he is saying the server didn’t store any bitcoins or have access to those bitcoins.

Reading his posts he claims that he has bars on his office windows, and has a large heavy door that he locks with the key. And he also keeps everything separate on his activity between different computers.

And reading more into this, it seems it might actually be real and freaking out how this can happen to someone with security so tight and somehow got his bitcoins stolen.
legendary
Activity: 4424
Merit: 4794
He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
Good lord. I usually go "meh, another careless dude" when someone gets hacked, but we're talking about Luke here — an actual OG developer; probably a hundred times more technically literate than me. This made me nervous as hell.
hero member
Activity: 2044
Merit: 784
Leading Crypto Sports Betting & Casino Platform
Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.
This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin.
legendary
Activity: 3808
Merit: 1723
He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

If hardware wallet or electrum was compromised then we would get more reports. Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.

No idea what to make of this. There is also a poll and 65% think he wasn’t really hacked.
full member
Activity: 140
Merit: 106


Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.

Because I find it odd he would post “fbi please help” or saying his PGP is compromised which wouldn’t do anything related to his hot wallet. Only the software he signs.

Also if it’s true cold storage it’s not possible to get that stolen. I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.



How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?
staff
Activity: 3458
Merit: 6793
Just writing some code
my money's on his Twitter account being hacked and posting FUD.

Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting.
Peter Todd claims it's real: https://twitter.com/peterktodd/status/1609655629903265795, as does midnightmagic: https://twitter.com/midmagic/status/1609734368599347202

I've also heard from a couple of other secondhand sources that this is real, but I have not checked with luke myself.



How is a PGP key related to bitcoins being stolen?
If they were being kept on the same machine that has been compromised, that's how.

And what kind of help is he expecting to get?
Help with doing forensics to figure out what happened, help with recovering the funds. And just generally, probably panicking too.
legendary
Activity: 4522
Merit: 3426
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please.

That is an odd statement for anyone who has been around as long as luke-jr to make. How is a PGP key related to bitcoins being stolen? And what kind of help is he expecting to get?
legendary
Activity: 3808
Merit: 1723


Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.

Because I find it odd he would post “fbi please help” or saying his PGP is compromised which wouldn’t do anything related to his hot wallet. Only the software he signs.

Also if it’s true cold storage it’s not possible to get that stolen. I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.

Pages:
Jump to: