Pages:
Author

Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 4. (Read 12899 times)

legendary
Activity: 3010
Merit: 8114
What about human behaviour? How to stick to the best practises all the time, resist cutting corners, for example.

Stick to best practices & resist cutting corners I think covers a good chunk of it.

In addition I'd recommend staying humble and never thinking you are too smart or too pro to make mistakes.
member
Activity: 143
Merit: 82
What lessons to learn from the Luke Dashjr private keys (data) breach? How to prevent, counter-measure and cope with that kind of attacks?

Get a hardware wallet and write your backups onto paper with your own hand.

That's from technical perspective. What about human behaviour? How to stick to the best practises all the time, resist cutting corners, for example.

Thanks for a reply.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
What lessons to learn from the Luke Dashjr private keys (data) breach? How to prevent, counter-measure and cope with that kind of attacks?

Get a hardware wallet and write your backups onto paper with your own hand.
member
Activity: 143
Merit: 82
What lessons to learn from the Luke Dashjr private keys (data) breach? How to prevent, counter-measure and cope with that kind of attacks? (Also, why we can't already learn more or enough within the 2 weeks that elapsed).
legendary
Activity: 4410
Merit: 4788

fungibility is not a boolean option of yes or no. its a sliding scale

In the strictest sense, bitcoin is not fungible since the holder of some bitcoin could be discriminated against based on that particular bitcoin's transaction history.

to be truly fungible, it has to be indistinguishable from any other bitcoin. and it's not.

no one cares about bitcoin not being "fungible enough" until it affects them. like when they go and deposit it into an exchange and the exchange freezes their deposit pending an investigation and possible involvement of law enforcement.
if you are depositing funds that are a 100% uxto from a stolen stash.
or every serial number of bank notes deposited at a bank are from a known bank robbery.. the % of suspicion is 100%

however there is a % /rating system of suspicion its not boolean...
there is a scale with thresholds.. whether its bitcoin or fiat

EG moving $10k of any denomination of funds across a border via hidden in a trunk of a car.. has a higher rating and above a certain threshold.. compared to
having it on your debit card when you travel abroad
compared to
moving $10k within a border to buy your fiancee that wedding ring she expects
..
also to note.about regulations and guidelines(yep you can research it):
just the slight suspicion of say 1% taint or 1 bank note of 100 bank notes being a serial number linked to a robbery, is not enough to freeze accounts. yes there are maybe some investigation going on behind the scenes after deposit at CEX/bank/business level.. . but they have to by regulation let the currency flow.  and not tell you about investigation..
IF certain things meet a threshold, they SAR report it to authorities.. again while letting the currency flow..
IF authorities determine there is significance of a crime the authorities get a court order and then.. an account is frozen
try not to put your unlearned unresearched opinion of how things work to mean more than whats easily available to learn and research, factual process of how MSB's process funds and investigate.
.. people can "earn suspicion points the more they use a service where more and more deposits all have certain flaggable" traits until it meets certain thresholds.

heck i am not even a MSB but i have used them and in my own risk awareness of wanting to secure my value when using a CEX, i actually bothered to research how a CEX(msb) would handle my funds. by reading a CEX user agreement policy, terms and conditions and also the MSB guidelines/handbook of how they work internally with things like the SEC and FATF.. its all available via google. and so i use google and find source information when i want to learn something

regulators tell MSB's of certain thresholds they want to see to trigger a SAR and CEX(msb) create their own methodology to investigate things and rate things to see what meets those thresholds before filing such reports

Quote
..
from a legal prospective. legacy has keys and signatures. thus in legal terms.. property law, privacy laws can apply if fought in court
recent transaction formats only have witness statements(scripts) and passphrases(access not ownership). so even saying your the witness/accessor doesnt mean your the owner/victim.
sorry franky i don't know enough about that topic to make a proper comment. but it doesn't sound right. there is always an owner to some bitcoin address. that's the person that has the ability to spend it  Roll Eyes courts would probably think so too.

Quote
luckily luke used legacy so he can be owner/victim of theft. unlike those using new style formats
you mean like bech32? that's just a way of encoding a bitcoin private key into an address. no different than legacy really...

Quote
but to awaken people to such notions and possibilities and also awaken them to how things actually stand now legally.. needs educating people into the actual events of the past and present... and no, not the versions they read on social media version of events that did not occur the way the social media are presenting them
well what do you think about binance and their little busd unpegging story in the news? you think it was real or you believe what they say? Huh

if you can see something in hard data thats about the source item EG you can see that busd unpegged by looking at actual charts and network data... then it did happen.. but if you are relying solely on social media and media in general, then you are not checking your sources, thus please check sources.

i dont use binance nor stablecoins. so i never checked your specific example nor cared to..
i dont know or care about CZ. my gripe is seeing the amount of people that dont think or dont research
(there is a game called chain of whispers which for humour was branded chinese whispers.. where someone whispers something to another person who whispers it to the next and so on.. where by the end, the message is completely different than the source... that is pretty much how social media works.. the message can get lost in translation in the media circles of each persons opinion of what they read, seen, heard)

its why i keep saying DYOR (do your own research) to people

but now prompted by you.. i just did have a look (today) and yes it appears that on 19th of march 2020 it did depeg temporarily beyond its 99.98% allowable threshold. to go down to 97%
and i checked by looking at chart data. not social media.. and it took me under 15 seconds to load the page and select the 'all' timeline and see the chart wiggles.. much faster than it would take to try finding some social media opinion about some tweet found somewhere that was linked somewhere in some topic on the forum.

i could then try googling the reason for the temporary event depeg. but im not interested in that. but i know i can.
if busd continued to be below a 99% amount for a lengthy period, and it started to affect the whole crypto ecosystem.. . then it would be more interesting to research. but small 1 day events are meaningless over all if they dont effect the ecosystem beyond that day, are not interesting and not worth thinking about 4 years later

so try checking sources and finding full context and content. and relevance

EG lukes actual tweets reveal he had coins on legacy addresses. so when sily people start talking about hardware wallets and passphrases.. they are not talking about actual events. they are saying shouldisms. but those shouldisms can only be true if luke first moved coin from legacy and chose to put his change destination to a HW wallet seeded address(my advice) however just using his node would have and did put lukes stash onto another legacy change address, meaning exposing his wallet(again i mentioned this). as seen by checking his previous spend events before the theft
sr. member
Activity: 1190
Merit: 469

fungibility is not a boolean option of yes or no. its a sliding scale

In the strictest sense, bitcoin is not fungible since the holder of some bitcoin could be discriminated against based on that particular bitcoin's transaction history.

to be truly fungible, it has to be indistinguishable from any other bitcoin. and it's not.

no one cares about bitcoin not being "fungible enough" until it affects them. like when they go and deposit it into an exchange and the exchange freezes their deposit pending an investigation and possible involvement of law enforcement.

Quote
..
from a legal prospective. legacy has keys and signatures. thus in legal terms.. property law, privacy laws can apply if fought in court
recent transaction formats only have witness statements(scripts) and passphrases(access not ownership). so even saying your the witness/accessor doesnt mean your the owner/victim.
sorry franky i don't know enough about that topic to make a proper comment. but it doesn't sound right. there is always an owner to some bitcoin address. that's the person that has the ability to spend it  Roll Eyes courts would probably think so too.

Quote
luckily luke used legacy so he can be owner/victim of theft. unlike those using new style formats
you mean like bech32? that's just a way of encoding a bitcoin private key into an address. no different than legacy really...

Quote
but to awaken people to such notions and possibilities and also awaken them to how things actually stand now legally.. needs educating people into the actual events of the past and present... and no, not the versions they read on social media version of events that did not occur the way the social media are presenting them
well what do you think about binance and their little busd unpegging story in the news? you think it was real or you believe what they say? Huh
legendary
Activity: 4410
Merit: 4788
ok seems someone is on a social drama craze and not a fact finding craze
ok, ill add you to the list of people that dont care about learning..
..
moving on

luckily bitcoin is not fungible though. otherwise this thief might actually get away with the stolen funds. maybe someday they'll invent a technology that allows bitcoins to be turned into fungible bitcoins if someone uses a particular transaction type or address type. now that would be something. but only responsible people need apply. people that know how to manage their money... Angry

fungibility is not a boolean option of yes or no. its a sliding scale
..
from a legal prospective. legacy has keys and signatures. thus in legal terms.. property law, privacy laws can apply if fought in court
recent transaction formats only have witness statements(scripts) and passphrases(access not ownership). so even saying your the witness/accessor doesnt mean your the owner/victim.

luckily luke used legacy so he can be owner/victim of theft. unlike those using new style formats

yes there could be new transaction formats that come with their own terminology to not be defining their held value as a currency, asset, commodity, but as property. and businesses can classify deposits of that format as such classification. to separate value into different piles/allotments for different purposes

but to then limit who can use such format. then presents its own problems of a decentralised open system

but to awaken people to such notions and possibilities and also awaken them to how things actually stand now legally.. needs educating people into the actual events of the past and present... and no, not the versions they read on social media version of events that did not occur the way the social media are presenting them
sr. member
Activity: 1190
Merit: 469
ok seems someone is on a social drama craze and not a fact finding craze
ok, ill add you to the list of people that dont care about learning..
..
moving on

luckily bitcoin is not fungible though. otherwise this thief might actually get away with the stolen funds. maybe someday they'll invent a technology that allows bitcoins to be turned into fungible bitcoins if someone uses a particular transaction type or address type. now that would be something. but only responsible people need apply. people that know how to manage their money... Angry
legendary
Activity: 4410
Merit: 4788
ok seems someone is on a social drama craze and not a fact finding craze
ok, ill add you to the list of people that dont care about learning..
..
moving on

sr. member
Activity: 1190
Merit: 469
ha ha ha.. a snippit out of context



.. but hey i guess the full context of the facts of the actual social drama HOURS of may 8th 2019 dont matter. becasue instead some tweet/social thing your read in 2023 means more than facts of actual events of 3year 7 months ago..

the only thing he got right about his assessment was how he would mess up bitcoin's credibility (for years to come no doubt) if he were to do something stupid like that. Shocked hopefully no one would have gone along with his little scheme. nothing is out of context franky, he said those words. they stand by themself. it's unfortunate that he would have ever even considered such a thing in the first place but anyhow...

legendary
Activity: 4410
Merit: 4788
ha ha ha.. a snippit out of context

you missed the parts where he said others gave him the idea
you missed the parts where he said he doubted HE could do it

you also missed the "can" and "if" and just thought it meant "will" and "dont care about"

and you are not understanding the "we" involved in the statement you snipped

and you ignored that he said that his priorities were first to secure the security holes in the system/

and how just hours later he told everyone he is not doing it...

thus it didnt happen. it was a non event and the idea was not even his idea

.. but hey i guess the full context of the facts of the actual social drama HOURS of may 8th 2019 dont matter. becasue instead some tweet/social thing your read in 2023 means more than facts of actual events of 3year 7 months ago..


its like this
larry:"someone told me to jump off a bridge. its possible in the next few days, im just concerned if the bungee rope wont break and damage my head when i fall"
8 hours later
"i spoke with the people about concerns and im not going to jump off a bridge"

4 years later
latery is a suicidal maniac he wants to jump off a bridge this year becasue he said he would kill himself 4 years ago
sr. member
Activity: 1190
Merit: 469

and if you had a hand full of btc but wanted monero.. you would need to
_ _ _ _ _ _ _ _  it . missing word starts and ends with an e
you could swap your btc for monero in a decentralized fashion. not sure what word you're thinking about though. Undecided

Quote
and if you had a hand full of monero but wanted btc.. you would need to
_ _ _ _ _ _ _ _  it . missing word starts and ends with an e
atomic swap it? not sure what word you're thinking of exactly.  Huh


Quote
whats with certain people lately thinking binance ever wanted to fork bitcoin
oh wait. guess they didnt do the research*

well here's some research for you:

"To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin."

guess who said that? do you really think this guy could pull that off? he must be really delusional if he thinks he could. and what's even worse is how he thought that might be an acceptable thing to try and do. Shocked

legendary
Activity: 4410
Merit: 4788
YOU were the one advertising in this topic involving a theft of $3 million that lightning is the solution to wash the hacked coins clean!!! as you called it the "greatest"

but thank you for now admitting you happen to now remember that its not designed for that... thus not the "greatest"
nice try shifting the adversary, but you are your own worse adversary

i was the one telling YOU that LN was not designed for large amounts. heck i even told you the limitations using $ amount limits based on the stats of capacity/liquidity of routes
i think you need to see an optician
..
when you learn about LN's "gossip" and how channels funding is actually public. you may learn that with the lack of events per second.. finding the path and thus destination due to gossip becomes EASY

heres your dilemma
you think that you are safe because no one can peel the whole onion skin to core...
but you forget/dont know/ignore.. that they have ways to simply watch where the onion plays pass the parcel without needing to peel the onion.. especially on a low-use system where packet sniffing and gossip listening is EASY to monitor for "channel updates" due to lack of noise

im sure you probably do know it but dont want to say it out loud.. but if you dont then thats a failure on your part
i consider you do know it which is why you and ur chums are full on pedal to the metal, snake oil utopia, trying to recruit new people into your silly system to create more noise in the "gossip process". even if you are not morally telling your recruits of the many flaws you are inviting them into

trying to cause innocent people to be put on a AEC weido list just so you can exit an AEC with clean funds... leaving the innocent people with dirty coins. is not moral or letting your innocent recruits be informed of said weirdo lists, liquidity issues, how they end up with dirty coin.. and how they can be conned, scammed and easily stolen from due to many other flaws of your favoured service..

for someone that pretends is securing his stash. you sound less like a risk-aware guy, looking for flaws to help know the risks and inform others of risks/flaws... and more of a snake oil advertiser only selling the utopian best case dream

..
last point
if things were so binary fungible and untraceable.. why have you put soo much effort into needing to recruit. why are you so worried about "dirty" why even need a mixer if you think everything is fungible
answer: because you know deep down behind the hidden advert messages.. that things are not as you say they are
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
in LN some nodes can be on the route to notable services to traffic analyse payments going through them
They don't know what's the destination, though. That's another level of privacy, comparably with the blockchain.

LN would completely bottleneck and fail if it had to try routing 200btc in a small time period
If you took the time to read the whitepaper, you'd acknowledge that lightning exists for micro-transactions. Not for 3 million dollars worth transactions. But, yeah, I'm the one who needs research.  Roll Eyes

It is possible that Luke might have done something which made him vulnerable to the hack.
That. I don't understand why such fuss for this. Isn't it possible that a smart person makes a human mistake? Don't smart people lose their cash by accident every day?
full member
Activity: 1134
Merit: 140
Good lord. I usually go "meh, another careless dude" when someone gets hacked, but we're talking about Luke here — an actual OG developer; probably a hundred times more technically literate than me. This made me nervous as hell.
You are right. That is actually frightening how an OG Developer can get hacked and lose a large amount of bag. It shows how smart and dangerous hackers have become nowadays that they can trick literally anyone. Also on another hand, humans make mistakes. It is possible that Luke might have done something which made him vulnerable to the hack. There are so many malware and viruses which come along with files we download from the internet and can compromise/control our systems.
legendary
Activity: 4410
Merit: 4788
It's safe to assume that using Monero (or any other "anonymous" coin) would indeed put you on a list of someone that is interested in obfuscating their finances for whatever reason.
Maybe that implies for anything privacy respecting nowadays. If you're caught to using Tor Browser, you're put to the "weirdos" list. If you're caught to install Tails, you're suspicious. If you're caught to use protonmail instead of gmail, weirdo! LineageOS, or any other privacy focused mobile OS instead of iOS / android, real freak.

If you're caught to selling XMR to a KYC-ed exchange, you need an unusual reason as justification, because it sounds really dumb.

What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.
Everywhere there's mixing though. Move to another wallet, and you just (poorly) mixed your coins. Convert your BTC to LN-BTC, and you're just taking advantage of the greatest, decentralized Bitcoin mixer available. Use a DEX, and no chain analyzing company can safely assume what you're doing.

the concept of a weirdo list is very true and yes its part of narrowing down "suspect list".. and im actually preferring blackhats term of a "weirdo list"

as for his yet again overly hyped and salivating at the mouth promotion of lightning. blackhat has fallen down several holes and hit his head and not done the research (or has done the research but doesnt want to talk about the negative flaws, non-hyped advert positive stuff)
..
just like tor, certain analysis/data agents can become some of the "bridges" and "exit" nodes of tor to then identify traffic.. in LN some nodes can be on the route to notable services to traffic analyse payments going through them

the only saviour feature of LN. is that because LN can only handle routes of ~$570 MAX(if lucky(avg channel cap /2 parties)) governments and more precisely regulators and more precisely data companies delegated to analyse and identify a weirdo list.. simply dont care about your silly small drug deal amounts.

you'll still be on a weirdo list but they wont bother you(handcuffs) unless your criminality is worthy a stiff sentence

as for his avoidance of the obvious negative flaw of LN (liquidity)
LN would completely bottleneck and fail if it had to try routing 200btc in a small time period

if your destined LN recipient for a swap only has imbound ~$570. and the hops(route middlemen) only have the same. there is a limit to how much can be moved


oh and by the way. most of the LN crew keep promoting "look guys i done [under 400] events this month"
meaning when events can finalise in under 1second it shows a massive time gap between events. meaning just watching for the gossip "channel updates" makes it easy to find the paths..
oh and even funnier.. the channels reveal their funding utxo's so even easier to "follow the money"

simple math if they do under 12 events(routes) a day meaning 1 per 2 hours, meaning, 1 per 7200 seconds
its very easy to spot the paths that update(gossip) in that specific timeframe of a few seconds without much "noise" happening near that timeframe
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
NSA analyze and save the IP of every persone download tor browser since 2013.
And I really don't understand what conclusion one can make with this information.

With obfs bridges you can try hide to your ISP that you're using tor. Welcome to 1984.
I don't want to, actually. My ISP doesn't block my entrance to the Tor network, and I neither care if they know I'm using Tor. Just as mixing bitcoin, I don't care if somebody knows I'm part of the process of mixing / using Tor. Quite the opposite. I want them to know I'm respecting my privacy. What I don't want them is to know the final destination each of my processes.
jr. member
Activity: 39
Merit: 76
Host of 'Il Priorato del Bitcoin' podcast.
It's safe to assume that using Monero (or any other "anonymous" coin) would indeed put you on a list of someone that is interested in obfuscating their finances for whatever reason.
Maybe that implies for anything privacy respecting nowadays. If you're caught to using Tor Browser, you're put to the "weirdos" list. If you're caught to install Tails, you're suspicious. If you're caught to use protonmail instead of gmail, weirdo! LineageOS, or any other privacy focused mobile OS instead of iOS / android, real freak.

If you're caught to selling XMR to a KYC-ed exchange, you need an unusual reason as justification, because it sounds really dumb.

What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.
Everywhere there's mixing though. Move to another wallet, and you just (poorly) mixed your coins. Convert your BTC to LN-BTC, and you're just taking advantage of the greatest, decentralized Bitcoin mixer available. Use a DEX, and no chain analyzing company can safely assume what you're doing.

NSA analyze and save the IP of every persone download tor browser since 2013.

With obfs bridges you can try hide to your ISP that you're using tor. Welcome to 1984.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
It's safe to assume that using Monero (or any other "anonymous" coin) would indeed put you on a list of someone that is interested in obfuscating their finances for whatever reason.
Maybe that implies for anything privacy respecting nowadays. If you're caught to using Tor Browser, you're put to the "weirdos" list. If you're caught to install Tails, you're suspicious. If you're caught to use protonmail instead of gmail, weirdo! LineageOS, or any other privacy focused mobile OS instead of iOS / android, real freak.

If you're caught to selling XMR to a KYC-ed exchange, you need an unusual reason as justification, because it sounds really dumb.

What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.
Everywhere there's mixing though. Move to another wallet, and you just (poorly) mixed your coins. Convert your BTC to LN-BTC, and you're just taking advantage of the greatest, decentralized Bitcoin mixer available. Use a DEX, and no chain analyzing company can safely assume what you're doing.
legendary
Activity: 3010
Merit: 8114
It's safe to assume that using Monero (or any other "anonymous" coin) would indeed put you on a list of someone that is interested in obfuscating their finances for whatever reason. This isn't 2015 anymore guys, governments aren't dumb, anyone that is crazy enough to send Monero to an exchange without at least using some precautionary measures is asking for it.

If you're cashing out a significant sum of XMR through a KYC exchange for fiat, then yes, you want to have a legal reason for doing so. However, there are tons of alternatives these days. You can even buy gift cards with it now. If privacy is your goal, BTC doesn't hold a candle to XMR. There's a reason why the largest darknet markets don't support BTC as a payment option anymore.

Anyway, anyone got any news? last I've heard is hackers were chipmixing the stuff:
https://twitter.com/ErgoBTC/status/1611169585457238018

What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.

It is also somewhat remarkable that ChipMixer has still managed to evade sanctions.
Pages:
Jump to: