Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 4. (Read 12899 times)

Stick to best practices & resist cutting corners I think covers a good chunk of it.

In addition I'd recommend staying humble and never thinking you are too smart or too pro to make mistakes.

That's from technical perspective. What about human behaviour? How to stick to the best practises all the time, resist cutting corners, for example.

Thanks for a reply.

Get a hardware wallet and write your backups onto paper with your own hand.

What lessons to learn from the Luke Dashjr private keys (data) breach? How to prevent, counter-measure and cope with that kind of attacks? (Also, why we can't already learn more or enough within the 2 weeks that elapsed).

if you are depositing funds that are a 100% uxto from a stolen stash.
or every serial number of bank notes deposited at a bank are from a known bank robbery.. the % of suspicion is 100%

however there is a % /rating system of suspicion its not boolean...
there is a scale with thresholds.. whether its bitcoin or fiat

EG moving $10k of any denomination of funds across a border via hidden in a trunk of a car.. has a higher rating and above a certain threshold.. compared to
having it on your debit card when you travel abroad
compared to
moving $10k within a border to buy your fiancee that wedding ring she expects
..
also to note.about regulations and guidelines(yep you can research it):
just the slight suspicion of say 1% taint or 1 bank note of 100 bank notes being a serial number linked to a robbery, is not enough to freeze accounts. yes there are maybe some investigation going on behind the scenes after deposit at CEX/bank/business level.. . but they have to by regulation let the currency flow.  and not tell you about investigation..
IF certain things meet a threshold, they SAR report it to authorities.. again while letting the currency flow..
IF authorities determine there is significance of a crime the authorities get a court order and then.. an account is frozen
try not to put your unlearned unresearched opinion of how things work to mean more than whats easily available to learn and research, factual process of how MSB's process funds and investigate.
.. people can "earn suspicion points the more they use a service where more and more deposits all have certain flaggable" traits until it meets certain thresholds.

heck i am not even a MSB but i have used them and in my own risk awareness of wanting to secure my value when using a CEX, i actually bothered to research how a CEX(msb) would handle my funds. by reading a CEX user agreement policy, terms and conditions and also the MSB guidelines/handbook of how they work internally with things like the SEC and FATF.. its all available via google. and so i use google and find source information when i want to learn something

regulators tell MSB's of certain thresholds they want to see to trigger a SAR and CEX(msb) create their own methodology to investigate things and rate things to see what meets those thresholds before filing such reports


if you can see something in hard data thats about the source item EG you can see that busd unpegged by looking at actual charts and network data... then it did happen.. but if you are relying solely on social media and media in general, then you are not checking your sources, thus please check sources.

i dont use binance nor stablecoins. so i never checked your specific example nor cared to..
i dont know or care about CZ. my gripe is seeing the amount of people that dont think or dont research
(there is a game called chain of whispers which for humour was branded chinese whispers.. where someone whispers something to another person who whispers it to the next and so on.. where by the end, the message is completely different than the source... that is pretty much how social media works.. the message can get lost in translation in the media circles of each persons opinion of what they read, seen, heard)

its why i keep saying DYOR (do your own research) to people

but now prompted by you.. i just did have a look (today) and yes it appears that on 19th of march 2020 it did depeg temporarily beyond its 99.98% allowable threshold. to go down to 97%
and i checked by looking at chart data. not social media.. and it took me under 15 seconds to load the page and select the 'all' timeline and see the chart wiggles.. much faster than it would take to try finding some social media opinion about some tweet found somewhere that was linked somewhere in some topic on the forum.

i could then try googling the reason for the temporary event depeg. but im not interested in that. but i know i can.
if busd continued to be below a 99% amount for a lengthy period, and it started to affect the whole crypto ecosystem.. . then it would be more interesting to research. but small 1 day events are meaningless over all if they dont effect the ecosystem beyond that day, are not interesting and not worth thinking about 4 years later

so try checking sources and finding full context and content. and relevance

EG lukes actual tweets reveal he had coins on legacy addresses. so when sily people start talking about hardware wallets and passphrases.. they are not talking about actual events. they are saying shouldisms. but those shouldisms can only be true if luke first moved coin from legacy and chose to put his change destination to a HW wallet seeded address(my advice) however just using his node would have and did put lukes stash onto another legacy change address, meaning exposing his wallet(again i mentioned this). as seen by checking his previous spend events before the theft

In the strictest sense, bitcoin is not fungible since the holder of some bitcoin could be discriminated against based on that particular bitcoin's transaction history.

to be truly fungible, it has to be indistinguishable from any other bitcoin. and it's not.

no one cares about bitcoin not being "fungible enough" until it affects them. like when they go and deposit it into an exchange and the exchange freezes their deposit pending an investigation and possible involvement of law enforcement.

sorry franky i don't know enough about that topic to make a proper comment. but it doesn't sound right. there is always an owner to some bitcoin address. that's the person that has the ability to spend it   courts would probably think so too.

you mean like bech32? that's just a way of encoding a bitcoin private key into an address. no different than legacy really...

well what do you think about binance and their little busd unpegging story in the news? you think it was real or you believe what they say?

fungibility is not a boolean option of yes or no. its a sliding scale
..
from a legal prospective. legacy has keys and signatures. thus in legal terms.. property law, privacy laws can apply if fought in court
recent transaction formats only have witness statements(scripts) and passphrases(access not ownership). so even saying your the witness/accessor doesnt mean your the owner/victim.

luckily luke used legacy so he can be owner/victim of theft. unlike those using new style formats

yes there could be new transaction formats that come with their own terminology to not be defining their held value as a currency, asset, commodity, but as property. and businesses can classify deposits of that format as such classification. to separate value into different piles/allotments for different purposes

but to then limit who can use such format. then presents its own problems of a decentralised open system

but to awaken people to such notions and possibilities and also awaken them to how things actually stand now legally.. needs educating people into the actual events of the past and present... and no, not the versions they read on social media version of events that did not occur the way the social media are presenting them

luckily bitcoin is not fungible though. otherwise this thief might actually get away with the stolen funds. maybe someday they'll invent a technology that allows bitcoins to be turned into fungible bitcoins if someone uses a particular transaction type or address type. now that would be something. but only responsible people need apply. people that know how to manage their money...

ok seems someone is on a social drama craze and not a fact finding craze
ok, ill add you to the list of people that dont care about learning..
..
moving on

the only thing he got right about his assessment was how he would mess up bitcoin's credibility (for years to come no doubt) if he were to do something stupid like that. hopefully no one would have gone along with his little scheme. nothing is out of context franky, he said those words. they stand by themself. it's unfortunate that he would have ever even considered such a thing in the first place but anyhow...

ha ha ha.. a snippit out of context

you missed the parts where he said others gave him the idea
you missed the parts where he said he doubted HE could do it

you also missed the "can" and "if" and just thought it meant "will" and "dont care about"

and you are not understanding the "we" involved in the statement you snipped

and you ignored that he said that his priorities were first to secure the security holes in the system/

and how just hours later he told everyone he is not doing it...

thus it didnt happen. it was a non event and the idea was not even his idea

.. but hey i guess the full context of the facts of the actual social drama HOURS of may 8th 2019 dont matter. becasue instead some tweet/social thing your read in 2023 means more than facts of actual events of 3year 7 months ago..

---

its like this
larry:"someone told me to jump off a bridge. its possible in the next few days, im just concerned if the bungee rope wont break and damage my head when i fall"
8 hours later
"i spoke with the people about concerns and im not going to jump off a bridge"

4 years later
latery is a suicidal maniac he wants to jump off a bridge this year becasue he said he would kill himself 4 years ago

you could swap your btc for monero in a decentralized fashion. not sure what word you're thinking about though.

atomic swap it? not sure what word you're thinking of exactly.  



well here's some research for you:

"To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin."

guess who said that? do you really think this guy could pull that off? he must be really delusional if he thinks he could. and what's even worse is how he thought that might be an acceptable thing to try and do.

YOU were the one advertising in this topic involving a theft of $3 million that lightning is the solution to wash the hacked coins clean!!! as you called it the "greatest"

but thank you for now admitting you happen to now remember that its not designed for that... thus not the "greatest"
nice try shifting the adversary, but you are your own worse adversary

i was the one telling YOU that LN was not designed for large amounts. heck i even told you the limitations using $ amount limits based on the stats of capacity/liquidity of routes
i think you need to see an optician
..
when you learn about LN's "gossip" and how channels funding is actually public. you may learn that with the lack of events per second.. finding the path and thus destination due to gossip becomes EASY

heres your dilemma
you think that you are safe because no one can peel the whole onion skin to core...
but you forget/dont know/ignore.. that they have ways to simply watch where the onion plays pass the parcel without needing to peel the onion.. especially on a low-use system where packet sniffing and gossip listening is EASY to monitor for "channel updates" due to lack of noise

im sure you probably do know it but dont want to say it out loud.. but if you dont then thats a failure on your part
i consider you do know it which is why you and ur chums are full on pedal to the metal, snake oil utopia, trying to recruit new people into your silly system to create more noise in the "gossip process". even if you are not morally telling your recruits of the many flaws you are inviting them into

trying to cause innocent people to be put on a AEC weido list just so you can exit an AEC with clean funds... leaving the innocent people with dirty coins. is not moral or letting your innocent recruits be informed of said weirdo lists, liquidity issues, how they end up with dirty coin.. and how they can be conned, scammed and easily stolen from due to many other flaws of your favoured service..

for someone that pretends is securing his stash. you sound less like a risk-aware guy, looking for flaws to help know the risks and inform others of risks/flaws... and more of a snake oil advertiser only selling the utopian best case dream

..
last point
if things were so binary fungible and untraceable.. why have you put soo much effort into needing to recruit. why are you so worried about "dirty" why even need a mixer if you think everything is fungible
answer: because you know deep down behind the hidden advert messages.. that things are not as you say they are

They don't know what's the destination, though. That's another level of privacy, comparably with the blockchain.

If you took the time to read the whitepaper, you'd acknowledge that lightning exists for micro-transactions. Not for 3 million dollars worth transactions. But, yeah, I'm the one who needs research. 

That. I don't understand why such fuss for this. Isn't it possible that a smart person makes a human mistake? Don't smart people lose their cash by accident every day?

You are right. That is actually frightening how an OG Developer can get hacked and lose a large amount of bag. It shows how smart and dangerous hackers have become nowadays that they can trick literally anyone. Also on another hand, humans make mistakes. It is possible that Luke might have done something which made him vulnerable to the hack. There are so many malware and viruses which come along with files we download from the internet and can compromise/control our systems.

the concept of a weirdo list is very true and yes its part of narrowing down "suspect list".. and im actually preferring blackhats term of a "weirdo list"

as for his yet again overly hyped and salivating at the mouth promotion of lightning. blackhat has fallen down several holes and hit his head and not done the research (or has done the research but doesnt want to talk about the negative flaws, non-hyped advert positive stuff)
..
just like tor, certain analysis/data agents can become some of the "bridges" and "exit" nodes of tor to then identify traffic.. in LN some nodes can be on the route to notable services to traffic analyse payments going through them

the only saviour feature of LN. is that because LN can only handle routes of ~$570 MAX(if lucky(avg channel cap /2 parties)) governments and more precisely regulators and more precisely data companies delegated to analyse and identify a weirdo list.. simply dont care about your silly small drug deal amounts.

you'll still be on a weirdo list but they wont bother you(handcuffs) unless your criminality is worthy a stiff sentence

as for his avoidance of the obvious negative flaw of LN (liquidity)
LN would completely bottleneck and fail if it had to try routing 200btc in a small time period

if your destined LN recipient for a swap only has imbound ~$570. and the hops(route middlemen) only have the same. there is a limit to how much can be moved


oh and by the way. most of the LN crew keep promoting "look guys i done [under 400] events this month"
meaning when events can finalise in under 1second it shows a massive time gap between events. meaning just watching for the gossip "channel updates" makes it easy to find the paths..
oh and even funnier.. the channels reveal their funding utxo's so even easier to "follow the money"

simple math if they do under 12 events(routes) a day meaning 1 per 2 hours, meaning, 1 per 7200 seconds
its very easy to spot the paths that update(gossip) in that specific timeframe of a few seconds without much "noise" happening near that timeframe

And I really don't understand what conclusion one can make with this information.

I don't want to, actually. My ISP doesn't block my entrance to the Tor network, and I neither care if they know I'm using Tor. Just as mixing bitcoin, I don't care if somebody knows I'm part of the process of mixing / using Tor. Quite the opposite. I want them to know I'm respecting my privacy. What I don't want them is to know the final destination each of my processes.

NSA analyze and save the IP of every persone download tor browser since 2013.

With obfs bridges you can try hide to your ISP that you're using tor. Welcome to 1984.

Maybe that implies for anything privacy respecting nowadays. If you're caught to using Tor Browser, you're put to the "weirdos" list. If you're caught to install Tails, you're suspicious. If you're caught to use protonmail instead of gmail, weirdo! LineageOS, or any other privacy focused mobile OS instead of iOS / android, real freak.

If you're caught to selling XMR to a KYC-ed exchange, you need an unusual reason as justification, because it sounds really dumb.

Everywhere there's mixing though. Move to another wallet, and you just (poorly) mixed your coins. Convert your BTC to LN-BTC, and you're just taking advantage of the greatest, decentralized Bitcoin mixer available. Use a DEX, and no chain analyzing company can safely assume what you're doing.

If you're cashing out a significant sum of XMR through a KYC exchange for fiat, then yes, you want to have a legal reason for doing so. However, there are tons of alternatives these days. You can even buy gift cards with it now. If privacy is your goal, BTC doesn't hold a candle to XMR. There's a reason why the largest darknet markets don't support BTC as a payment option anymore.


What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.

It is also somewhat remarkable that ChipMixer has still managed to evade sanctions.