Bitcoin developer @lukedashjr's wallet was hacked - page 14.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: MiliMil on January 02, 2023, 06:37:59 AM

What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?

Get a hardware wallet. Or a SeedSigner device.
...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.

If you're adding a secondary cold storage:
* you're doing it wrong
* you've misunderstood something and need to read more

However, this is off topic, if you have more questions please make a new topic with them.

MiliMil

full member

Activity: 126

Merit: 106

Quote from: ABCbits on January 02, 2023, 06:06:18 AM

Quote from: MiliMil on January 02, 2023, 12:53:09 AM

Quote from: adaseb on January 01, 2023, 11:12:09 PM

--snip--

How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware.

What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Well, that's just great, new year starting with this story for bitcoin, mixers are always involved in theft related to btc, they are going to mix and get away with it. Feeling sad for the guy.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: ABCbits on January 02, 2023, 06:06:18 AM

For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware.

Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...

While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account.

ABCbits

legendary

Activity: 2856

Merit: 7410

Crypto Swap Exchange

Quote from: MiliMil on January 02, 2023, 12:53:09 AM

Quote from: adaseb on January 01, 2023, 11:12:09 PM

--snip--

How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware.

Quote from: uneng on January 02, 2023, 01:39:04 AM

Quote from: adaseb on January 02, 2023, 01:22:41 AM

Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.

This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin.

1. It won't be end of Bitcoin if Bitcoin switch to quantum-resistant cryptography.
2. Bitcoin don't use encryption protocol, but digital signature and hash cryptography.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: bbc.reporter on January 01, 2023, 08:21:38 PM

It appears more than $3 million in bitcoin was stolen. This is very sad to see and I reckon some people should not make fun of this similar to those imbeciles who are replying in this thread in Twitter.

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please.

Source https://mobile.twitter.com/lukedashjr/status/1609613748364509184

Looks like some of it is coinjoined to 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa

Source https://mobile.twitter.com/LukeDashjr/status/1609621375349555204

432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190

4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851

50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6

Source https://mobile.twitter.com/LukeDashjr/status/1609657854113218560

That's a coordinated/targeted-attack, and probably his way of securing the keys were not very good enough. I believe we should learn from this, and start using different paths/strategies to secure our keys. If you have your whole savings in Bitcoin it's probably better to use different wallets and secure them differently to confuse the attacker. Use - Hardware Wallets, Encrypted Wallets, and other wallets written down and secured through lock/key vaults.

franky1

legendary

Activity: 4214

Merit: 4458

speculated scenarios based on limited stuff said:

"email notifications from kraken/coinbase"
maybe the hacker got to the coins he had on an exchange

or

he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice))
and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"

both seem more plauible than a burglar entering his house.. again she would notice and not be questioning the how if his house was compromised

Foxpup

legendary

Activity: 4326

Merit: 3041

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: achow101 on January 02, 2023, 12:29:40 AM

Peter Todd claims it's real: https://twitter.com/peterktodd/status/1609655629903265795, as does midnightmagic: https://twitter.com/midmagic/status/1609734368599347202

I've also heard from a couple of other secondhand sources that this is real, but I have not checked with luke myself.

Maybe so, but I trust crypto, not secondhand sources. Wake me up when the PGP key's revoked.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: taufik123 on January 02, 2023, 02:16:02 AM

A Reddit user calling himself SatStandart suggested that Dashjr not separate different activities
https://www.reddit.com/r/CryptoCurrency/comments/100tn95/bitcoin_core_dev_gets_more_than_200_btc_stolen/

Quote

He has a hot wallet on the same computer he does everything else. It seemed that he was completely complacent

Dashjr also informed users in his latest Twitter thread that he only became aware of the recent hack after getting emails from Coinbase and Kraken about login attempts.

If someone like that is not using multi-sig or a hardware wallet then they are asking for trouble.

Hate to say it, but he is a big freaking target for hacks, not even to get to his BTC but to get access to what else he has access to in terms of development and coding and private discussions with others. Getting what he had in his hot wallet on his workstation is probably a bonus. As he posted his implementation of Knots may have been compromised. That could have been a much bigger target.

-Dave

taufik123

legendary

Activity: 2464

Merit: 1703

airbet.io

Quote from: franky1 on January 02, 2023, 01:45:54 AM

Quote from: adaseb on January 02, 2023, 01:22:41 AM

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"

precisely on November 17, 2022 he said in his tweet that an unknown person accessed his server and a full analysis is underway.
https://twitter.com/LukeDashjr/status/1593227756841578496

But whether he continued to trace it or not, perhaps he assumed that the attack was just an ordinary attack. But in fact it currently has an impact on hacking the PGP Key it has.

A Reddit user calling himself SatStandart suggested that Dashjr not separate different activities
https://www.reddit.com/r/CryptoCurrency/comments/100tn95/bitcoin_core_dev_gets_more_than_200_btc_stolen/

Quote

He has a hot wallet on the same computer he does everything else. It seemed that he was completely complacent

Dashjr also informed users in his latest Twitter thread that he only became aware of the recent hack after getting emails from Coinbase and Kraken about login attempts.

CZ as The CEO of Binance also expressed his concern via Twitter at the hacking incident experienced by Luke Dashjr.
https://twitter.com/cz_binance/status/1609663902610034691

Quote

Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide.

LukeDashjr, as the core developer of Bitcoin Core, can be hacked, especially for those of us who are nobody, of course it's easier to hack. But this is also due to weak security levels and needing updates and not being careless and taking every attack seriously.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: franky1 on January 02, 2023, 01:45:54 AM

Quote from: adaseb on January 02, 2023, 01:22:41 AM

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"

Here is the tweet about it: https://mobile.twitter.com/LukeDashjr/status/1593227756841578496

I am actually thinking the other way, that something else on his network was compromised and that allowed access to his server.
But if they also got private keys in cold storage then it could also be a physical attack that he was not aware of or something else.

He said that the attack on his serves was targeted to them.

Very strange. But, not out of the realm of possibility.

-Dave

adaseb

legendary

Activity: 3738

Merit: 1708

Quote from: franky1 on January 02, 2023, 01:45:54 AM

Quote from: adaseb on January 02, 2023, 01:22:41 AM

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked. thus he had a hot wallet and pgp key store on his server that was hacked

Yes this seems like the most possible explaination but he is saying the server didn’t store any bitcoins or have access to those bitcoins.

Reading his posts he claims that he has bars on his office windows, and has a large heavy door that he locks with the key. And he also keeps everything separate on his activity between different computers.

And reading more into this, it seems it might actually be real and freaking out how this can happen to someone with security so tight and somehow got his bitcoins stolen.

franky1

legendary

Activity: 4214

Merit: 4458

Quote from: adaseb on January 02, 2023, 01:22:41 AM

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Good lord. I usually go "meh, another careless dude" when someone gets hacked, but we're talking about Luke here — an actual OG developer; probably a hundred times more technically literate than me. This made me nervous as hell.

uneng

hero member

Activity: 2030

Merit: 777

Leading Crypto Sports Betting & Casino Platform

Quote from: adaseb on January 02, 2023, 01:22:41 AM

Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.

This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin.

adaseb

legendary

Activity: 3738

Merit: 1708

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

If hardware wallet or electrum was compromised then we would get more reports. Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.

No idea what to make of this. There is also a poll and 65% think he wasn’t really hacked.

MiliMil

full member

Activity: 126

Merit: 106

Quote from: adaseb on January 01, 2023, 11:12:09 PM

Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.

Because I find it odd he would post “fbi please help” or saying his PGP is compromised which wouldn’t do anything related to his hot wallet. Only the software he signs.

Also if it’s true cold storage it’s not possible to get that stolen. I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.

How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

achow101

staff

Activity: 3374

Merit: 6530

Just writing some code

Quote from: Foxpup on January 01, 2023, 09:23:15 PM

my money's on his Twitter account being hacked and posting FUD.

Quote from: adaseb on January 01, 2023, 11:12:09 PM

Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting.

Peter Todd claims it's real: https://twitter.com/peterktodd/status/1609655629903265795, as does midnightmagic: https://twitter.com/midmagic/status/1609734368599347202

I've also heard from a couple of other secondhand sources that this is real, but I have not checked with luke myself.

Quote from: odolvlobo on January 02, 2023, 12:28:48 AM

How is a PGP key related to bitcoins being stolen?

If they were being kept on the same machine that has been compromised, that's how.

Quote from: odolvlobo on January 02, 2023, 12:28:48 AM

And what kind of help is he expecting to get?

Help with doing forensics to figure out what happened, help with recovering the funds. And just generally, probably panicking too.

odolvlobo

legendary

Activity: 4298

Merit: 3209

Quote from: bbc.reporter on January 01, 2023, 08:21:38 PM

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please.

That is an odd statement for anyone who has been around as long as luke-jr to make. How is a PGP key related to bitcoins being stolen? And what kind of help is he expecting to get?

adaseb

legendary

Activity: 3738

Merit: 1708

Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.

Because I find it odd he would post “fbi please help” or saying his PGP is compromised which wouldn’t do anything related to his hot wallet. Only the software he signs.

Also if it’s true cold storage it’s not possible to get that stolen. I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.

Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 14. (Read 12796 times)