Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 6. (Read 12796 times)

kinda funny how a btc dev is seeking help from the gov lol

bitcoin does not reveal identities

the only way to track down a person. is to link a person to said transactions via a service

..
also transactions can be de-linked (mixers).. where you end up chasing after a innocent recipient of mixed funds to their kyc exchange and they get their accounts frozen and treated as stolen funds

and entity(thief/luke) is now hoarding a different set of utxo

Bitcoin allows tracking of funds, and by tracking funds you can find those who interacted with the owner, which could lead to finding the owners identity. KYC is not the only way it can happen, just the most common and easy one.

Imagine a thief selling coins for cash during in-person meeting, and the chainanalysis tracks down the buyer of the coins, since they do a lot of transactions and leave a large footprint. So the law enforcement questions this buyer and looks at the camera records near the place where the trade happened and get a pretty good profile of the criminal.

If Bitcoin protocol or Bitcoin ecosystem could guarantee that a previous transaction can not be linked with the next transactions, identifying users would become less likely.

my biases can be backed up by events that did occur..
my issues with segwit activation is backed up by blockdata that supports how things actually happened
(id trust code/immutable blockdata, rather than a tweet or social club)
my biases against all the flaws of LN can be backed up by the flaws.

i dont have utupian fantasies. i actually do the research. and everytime, i ask others to do the research too. and not just pander to their pals who told them a story using a quote of a third party that told them.. as thats just echo chamberism of cabin fever friendships.. not facts

i know people hate HOW i am frank.. literally. ..  how im not an ass kisser or a hugger.. but then again, who deserves a hug when they are already asleep dreaming

Edited to account for your additional response (explanation) that came after my post.

Ok.. maybe I had been influenced by the wrong facts on that topic?

I am not anti-CZ... generally speaking.. .. and so I otherwise stand by my overall attempt to make the point that it could take a while to figure out who the hacker of Luke's coins might be (presuming that Luke actually lost the coins to a hacker as he has asserted to be the case), even if some folks are trying to follow and identify the hacker.

Regarding your last point..

You are not even close to unbiased, even if you want to be patting ur lil selfie on the back as if you were the greatest thing since sliced-bread... #justsaying.  You do make some pretty decent points sometimes, though.. even though at other times, you seem to be totally off-of-your rocker, if you have such a rocker?

once coins enter a mixer things get harder to follow
however shifting a large amount through a mixer in a certain period would see a larger amount of outputs  after mixer too. seeing large amounts join back together to more then the usual allotments can reveal the entity again and if then going into a exchange can reveal their KYC

its not impossible. but it is harder with a mixer involved to just 'taint watch'
it requires seeing a large yield of 0.00x go into some utxo's and a large yeild of 0.00x move afterwards to see who swapped with who..
(it would be stupid for a entity to then deposit them all into same service or re consolidate after a mixer)
.. it may even result that a innocent receiver of stolen funds gets in trouble for handling stolen funds and loses their funds due to links with the mixer they used.

Ok.. maybe I had been influenced by the wrong facts on that topic?

I am not anti-CZ... generally speaking.. .. and so I otherwise stand by my overall attempt to make the point that it could take a while to figure out who the hacker of Luke's coins might be (presuming that Luke actually lost the coins to a hacker as he has asserted to be the case), even if some folks are trying to follow and identify the hacker.

See my new edited response, below.

oh your one of them types of people, still.. i thought you were getting better then that.. seems i came too early to treat you differently than them
anyways years ago
other people suggested to CZ about a possible roll back. he told wider community that he had talks with others who came up with suggestions and in same video he said his priority that week was to sort his server security and custody security, finding the bug/entry,loophole the hacker used.. and plug it..
.. and within 8 hours of video he made it clear he wont be doing a rollback.. thus it was a non starter-drama of meaningless effect that should have died within the same 8 hours of speculative chatter

timeline
8thmay 2019
8th: he done a AMA to explain why the maintenance event happened
where someone proposed TO HIM to do a roll back
https://www.pscp.tv/w/1mrGmvjpbqBJy
"this morning alot of people have offered us support, and there is a few topics i will discuss in this regard"
"the idea came from the community and i did not know that we could do that"
"To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin."

same day 8th
Quote

purple words are not CZ talking about something HE came up with

plus it was all a non event, no drama that extended for .. a few hours.

---

i dont like central exchange or luke.. yet even i can stay rational and keep to the facts..
.. wish some others would keep their biases aside

my biases atleast can be found in real data and activities that actually happened

I have a hard time speculating that at some point the hacker is not going to make some kind of a mistake that causes his/her identity to become apparent, yet some of these cases take a long time to figure out - especially if the hacker ends up sitting on the coins and just hoping that with the passage of time, there is less attention on the matter.  I am sure that various kinds of USA govt officials are less excited about Luke's coins as compared with the 94k Bitfinex coins that they ended up getting after around 5 years or the 40k Loaded coins that they ended up getting after around 9 or 10 years.  Of course, there are likely several other examples, but those are the two that come to mind for me recently.... 200 coins?  are we paying attention? 

Are people with forensics paying attention?  Anyone besides CZ's public comment to keep his eyes peeled for the coins hitting his exchange, if that's going to work?  I am not sure.  Remember a few years ago when CZ had something like 7k coins hacked and asserted that he was going to get the chain rolled back.. hahahahaha.. that did not happen, and he got beat up publicly for making such assertions.

that's because 200btc represents small percentage of their total owned. so it's like a normal person storing 0.005 btc on a hotwallet while they have 1btc on a paper wallet. not unreasonable right?

assuming there are thieves. but a bigger issue is that's how satoshi designed bitcoin is so that whoever has the private keys can spend the money. if the thief sent all the money to a burn address what then? are we going to roll back the bitcoin blockchain? if so then bitcoin has no meaning...

bitcoin is private

no one knows the name of the entity moving the coins thus far.
no one knows the country of the entity moving the coin thus far.

bitcoin is not revealing that..
the point at which privacy breaks. is the KYC of using an exchange

Hehehehe I am happy than someone does not feel offended or antagonized with my replies.

In any case, similar to some of you the more time I spend thinking and speculating about this, the more I cannot believe or understand how a bitcoin developer and an expert in the cryptospace had his coins in cold storage stolen from him.

I'm a bit late to the party, but want to share some thoughts.

First, it shows that not only "stupid" people or "noobs" get hacked. Anyone can make a mistake without realizing it. And anyone can become a target or catch some stray bitcoin-stealing malware. This should be a wake-up call to everyone to triple-check their storage setup and don't get arrogant thinking that you're a master of bitcoin security and can't be hacked. Instead look at yourself from a point of view of a hacker and think how can you get hacked.

Second, I see a bit of a privacy dillema here with Luke trying to find the thieves. If he succeeds, despite mixers and coinjoin, it would mean that Bitcoin privacy is not good enough to protect you from adversaries. What should Bitcoin (I'm talking about the whole ecosystem, not just the protocol) future look like - weak privacy that can be broken with certain effort, or complete privacy that protects everyone, even criminals?

Having the hacker followed will not be going to bring the money back, they could literally sell it OTC and nobody would know, and they could have used a great mixer, or something like that to make this work, they could turn this into smaller chops and by far harder to follow up as well.

Long story short, there are a billion ways they could cash this into fiat in their bank account and nobody would be able to stop them. All in all, I would say that once an account is hacked, the money is gone, there is no way to return it to the original owner, any decent hacker who would be good enough to hack into it, would also know how to cash that out as well, that's easier to do.

again to end your silyness.. and i hope you move on from the sillyism of shouldisms outside the practicals of this specific topic

you were spouting random shouldisms about things that luke didnt have. thus . saying he should have used a hardware wallet .. would only be true if time travel occured for him to have bought said device prior to september, prior to septembers exposure, prior to risking his wallet. ..
he had no such device at time of events(sept-dec). his funds were not on such device. thus your shouldism is not a reality of what he had but didnt use. but what he didnt have so couldnt use.

i personally have funds on legacy for my personal reasons. (none you would understand)
you cant just slide in a private key into a hardware wallet or a seed. it requires SPENDING to move funds to a new wallet that is seed based.

having funds on legacy doesnt help users of legacy to have shouldisms shouted at them about having keys in hardware wallets. because it requires them to SPEND the keys. meaning exposing they keys. thus..
advice is actually "WHEN spending it would have been best to not just use cores standard add change address to wallet.dat change address mechanism. as that wallet when SPENDING is exposed
he COULD have set a second destination to a fresh wallet to remove exposure by the new wallet destination being airgapped

do you now see the difference in advice and why my advice is more practical to the reality of occurrences and information availbe to us from luke and the locations of funds admitted by luke(this topic)

..
oh and as for your shouldisms about everyone having a hardware wallet its stupid not to
the hardware market is only $850m~
at an average of $85~
means only 10m devices..

there are 43,629,759 funded addresses (some single addresses represent multiple millions of people some multiple addresses represent a single person.. so not a good metric of crypto userbase
yet coinbase has 60m customers. binance has 25m customers
meaning adding all up all other exchanges aswell.. there are more then 100m users of crypto.
so at best bet only 10% are using hardware wallet AT BEST

oh and final debunk

you pretend your whitty, smart, and you absolutely have top security by promoting hardware wallets or HD seeds

seriously??
your 1BLACKWQ3LHpbh8GFYnarr5mpuJ7xz1v5h you advertise and want people to fund is not:
hd seed originated.
hardware wallet originated

heck you used a vanity gen which could have been compromised. where by the only reason no one stole from you is no one wants to tip you
balance received: 0

can i just ask why you dont want to advertise a HWwallet seeded segwit address/ LN channel as your tipping address?
(with all your promotions it seems hypocritical to not be using the things you advertise)

I said no reasonable person does that. And, as history is concerned, my assertion is arguably confirmed.

It was merely a suggestion. People that have millions of dollars worth of bitcoin and haven't made the necessary precautions are just irresponsible, that's all I'm saying.

I don't know what's going on in your head, but please visit an expert.

oh blackhat your responses dont help anyone..  you are a social drama queen poking just to be oppositional

you have been caught out before trying to re-define OG terminology (such as the pruned=full node crap you and buddies infer.. yet, pruned was not even a thing when "full node" term was used.. having an option to switch off options and peer services = not full node when options are set to not offer fullpeer services)

YOU said no one puts 200btc+ value on hotwallets.. so i responded that exchanges do.. (instant debunk)
i guess you forgot your point in the previous post, to then not realise i was correcting your point
amnesia is not an excuse to pretend your point didnt get debunked.. now just move on. dont reply just to be oppositional.. actually read the context of stuff and stop using amnesia as a reason to not know stuff

even your response to loyce was that someone should use a signing device, negating his point about people (actual events) that dont have a signing device yet and (actual events) exposed keys(actually happened) should wipe their computer or use a live CD operating system to remove said exposure(that actually happened)

stick to actual events and not try to re-write history to pretend he must have had xyz in the past and should have used xyz

sticking to what luke had. (and what he could do with what he had), then sets the conversation of this topic about what happened and how he in this topics specific situation could have mitigated it with what he actually had/admits/reveals to have had.
not shouldisms of what he should have bought created via needing different equipment devices and a time machine .. to then have your particular list of devices HE DIDNT HAVE at the event

oh
and you think there are no people out their with a platinum/black debit card.. pfft
and you think there are no people out their with a platinum/black debit card who arnt also billionaires.. pfft

anyone could shout out any shouldism they like. but a rational person. sticks to the realms/scope of realism of what was actually available in the victims hands at the time of the event

Or just buy yourself a signing device, if you're about to do this regularly. If not, Linux Live OS does fine for long-term cold storage.

And exchanges get hacked all the time. Your point?

There is no newbie redefinering. A hot wallet is a piece of wallet software installed in a machine that is or was reachable by a network of computers.

You don't leave a million dollars on a debit card, unless you already have a billion in cash. That's my response.

im laughing

firstly exchanges use hotwallets containing more then 200btc all the time..(they have 'at-risk' 0.0x-1000btc) hotwallets on server
just the CEO's have their non-server(not the exchange) nodes with the cold wallets(1000-700,000btc) keys not on a server

but ..
lets get to the whole actual detail of what lukes tweets have actually revealed so far

he didnt have keys on his server(thus not a hot wallet by OG standards(ignoring the newbie redefiner, re-jargonisers))
though he did spend coin in september on his home pc(not the server), which would mean his keys of the utxo 'change' were in same wallet(standard key addition to wallet.dat of core) so it was exposed to that system because he didnt set the change address (manually needed) to go to an airgapped separate wallet

analogy when spending some debit card balance he didnt send the rest of the entire balance to a new debit card.. but then who does normally.. no one
(legacy core doesnt do this either, it puts rest of balance into a key OF THE SAME WALLET.DAT)

to avoid this. like i have said a few times now. people have to manually set a second destination for remaining balance to go to a destination you own(airgapped) of an address thats not been exposed to the spending PC

try to read before letting your brain bot shout "must find reason to be opposite to franky"

Using a Linux Live DVD is quite easy nowadays. Copy an unsigned transaction from a watch-only hot wallet, sign it from a Live Linux OS without any storage or internet, copy it back, broadcast it, and all you have to wipe is the RAM.