Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 8. (Read 12896 times)

legendary
Activity: 1512
Merit: 1049
Death to enemies!
Best thing to do is just forget about coins. No life or limb is lost. This also happened to me. I forgot the encryption password for the hard drive of my computer. And I miss the pictures and saved games more than the bitcoins stored there. We must just take lessons from how other people failed and not repeat them.

Also I feel good that destiny got Luke for hacking CoiledCoin. It is hard to feel sympathy for a guy who looks like a crossover of an Amish husband and feces-smearing Johnny Knoxville. And Luke over the years has acted as one, from genuine service to humanity as a free software developer to destroying altcoins and smearing blockchain content. Luke is like my cousin. My cousin is a brilliant scientist and computer hacker, but a complete imbecile in human relationships and behavior.
legendary
Activity: 1722
Merit: 5937
Also there are some DEXes that let users buy and sell bitcoin for fiat P2P, like Bisq. I believe 200 BTC can be easily cashed out nowadays due to the P2P offered by DEXes.
Given Bisq's low volume, it would take you a long time to cash out 200 bitcoin that way. But I agree, cashing out 200 bitcoin in this day and age is not that hard if you know where to look, and the people that managed to hack him are surely not some noobs.


years back first generation hardware wallets were just USB devices that when plugged in, opened a web browser with the interface being a webpage (facepalm). so soo soo many flaws back then
Oh damn, I had no idea that it used to be like that in the early days. Just the thought of typing my seed into some web browser app or whatever it was makes me very uncomfortable. I got my Ledger Nano S back in late 2017 (after I lost almost everything I had) and wouldn't go back to any other type of cold storage.


although has this been the first time he lost large amounts of Bitcoin?
My guess is yes, because if he was hacked before, he would be way more careful than he was. Btw not saying that he was careless, but he would probably be extra careful if it has already happened in the past.
sr. member
Activity: 1736
Merit: 306
A very terrible way to begin the new year, although has this been the first time he lost large amounts of Bitcoin? Imagine a Bitcoin dev losing such, what would be said if the same got lost by a rookie. I feel so sad for the loss because that is more than enough for anyone.

I hope everyone learns the lessons here: no one is above mistakes like this. All one has to do is to make sure you are well updated about the current security to back your wallet.

I hope the news does not affect newbies and rookies entering the crypto space.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
didn't SBF (of FTX fame) cash out like 600+ million USD of some crypto on non-KYC'd exchanges just a few weeks ago? so it seems possible.

Fair enough. There are some exchanges that still don't require KYC and allow 2 BTC deposit and withdrawal per day. Also there are some DEXes that let users buy and sell bitcoin for fiat P2P, like Bisq. I believe 200 BTC can be easily cashed out nowadays due to the P2P offered by DEXes.


it was 600 thousand usd not 600 million usd, i made a mistake (and deleted my message but you quoted it before that lol), but yeah non KYC exchanges do seem to abound.
hero member
Activity: 2716
Merit: 698
Dimon69
He should track and contact the exchanges asking them to freeze the funds in case the hacker tries to deposit in any of the top ones to convert the coins into stables.
That is good. CZ from Binance has already replied to his tweet:


Trying to exchange 3mil won't be so easy, any sight of these coins on a CEX and these coins will certainly get frozen.... Btw can a mixer freeze such coins knowing that they are tagged stolen in the event they try to clean them?

didn't SBF (of FTX fame) cash out like 600+ million USD of some crypto on non-KYC'd exchanges just a few weeks ago? so it seems possible.


Fair enough. There are some exchanges that still don't require KYC and allow 2 BTC deposit and withdrawal per day. Also there are some DEXes that let users buy and sell bitcoin for fiat P2P, like Bisq. I believe 200 BTC can be easily cashed out nowadays due to the P2P offered by DEXes.

legendary
Activity: 4270
Merit: 4534
giving best practice advice vs following own advice is a human trait.

also best practice advice is sometimes too impractical.
it all depends on how much wealth you have at risk then decides how much effort you want to take to protect it

someone with just a month's wage stored may just have a seed written down they import into a wallet to spend and have the change go to a completely new seed based address. so that the seeds are secure each time

whereas someone with more wealth might have multiple devices that separately sign and only present the signatures to each other via an air-gapped method (convert to QR code and snap a picture and send it to the main system to append signatures)

some may want more than a paper wallet and have a hardware device that can enter seeds without touching a computer

there are many many many ways to back up seeds, keys, wallets. the world is your oyster, but it all depends on your personal risk/preference.

it's like fiat world
only a month's salary.. normal ATM visa debit card.. 'tap and pay risk' of losing maybe $100 per payment via card cloners, where when spotting it you move funds to new account

$mansion money$ set up a family trust requiring co-signer trustees to sign off on funds to beneficiaries

some have both set up.. a multisig 'trust' for main hoard of coin. with a lite wallet seed of weekly/monthly spend amount
legendary
Activity: 2632
Merit: 1023
So, LJR appears a bit naive, he thinks office was hard to get into
Gets hacked, does not change his addresses or wallet or make a new wallet.

Also I thought he would have more than 200 BTC.

He should be able to sue his server provider for losses

hero member
Activity: 980
Merit: 947
It's definitely a sign that none of the cryptos at just a singular place is safe, no matter if it is in your ledger or on your pc or anything else. Singular place is always terrible.

Many people claim that "not your keys not your coins" because of exchange hackings, but at the same time if you end up putting it on binance, do you really think that binance will be hacked so big that they will fail to pay the customers? They have so much money that you could empty all of their hot wallets today, and their cold wallets would still cover everyone's funds. That is why I highly believe that they are going to be the best case if you want to safely secure your coins.
This is a very big misconception, there are many more risks here, the first and simplest - Binance can simply freeze your coins, simply block your account. There are such cases, so they cannot be ruled out. If you give an example of hacking an exchange, then in this case the withdrawal will also be closed to all users until the circumstances are clarified, and believe me, no one will compensate for this from their coins.

You should never trust your money to exchanges, FTX is an example that should have made everyone think about it seriously, but I see that this is not clear to everyone.

This is truly an unprecedented event!  From such an experienced developer in the field of blockchain, hackers managed to steal a large sum of money in Bitcoins....

At the same time, Bitcoin Core developers themselves give recommendations on the safe storage of the first cryptocurrency on their website.  Most Bitcoin users are guided by these recommendations when choosing one or another wallet to store their coins. 

In my opinion, this means acknowledging the fact that there is no completely secure way to store Bitcoins.  It is necessary to use all available methods to minimize the existing risks of losing cryptocurrency.
This is a warning sign, not many people can understand better than these people in the safe storage of bitcoin, but as we can see, no one can be sure that their coins are safe.

How then to proceed in this case, is it worth separating our coins into different cold wallets, part per ledger, etc., or what? In fact, this is a very serious issue that should not be put off.
legendary
Activity: 4270
Merit: 4534
Now that actually reminds me that I've rarely seen warning messages about never ever responding to seed phrase requests...

years back first generation hardware wallets were just USB devices that when plugged in, opened a web browser with the interface being a webpage (facepalm). so soo soo many flaws back then

but yes these days and those days don't trust anything requesting your seed phrase on a PC's screen unless you have a way to prove it's a genuine thing asking for it. and good to see new ledgers allow key inputs via devices (i haven't bothered looking into hardware wallets for years.)


legendary
Activity: 2968
Merit: 3684
even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.
Are there any hardware wallets that actually ask you to do something like that in any circumstances? If yes, then that's a very dangerous thing to have. So far I've been using only Ledger and the only way to enter seed phrase was directly using the device and not via Ledger Live app so if any message like that pops up, Ledger users should know that it is a fake. Not that it would stop some people entering seed anyway.

Yeah if I saw a message like that pop up on any damned device, I'd know I was hacked and immediately wash off.

Problem is, and I'm sure I'm not exaggerating, most people, not some, would enter their seed phrase if they saw a message requesting it.

Now that actually reminds me that I've rarely seen warning messages about never ever responding to seed phrase requests...
member
Activity: 124
Merit: 11
Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks

doesn't matter if it's a long string of characters or a bunch of words. if it has been typed into a compromised PC that a hacker can see files of.. the hacker can get it

even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.



Thanks 

And this is basically how 90% of it gets done, purely social engineering hacking and not brute forcing.
legendary
Activity: 3668
Merit: 6382
I see that franky1 has given you good answers, so I won't get there too.
All I can add is a recommendation to make a new (spin-off) topic about this if you want to continue this debate, since here it's off-topic.

ledger USB device has its own keyboard?? .. show me

It has 2 buttons. A bit unnatural to call it keyboard, but it can be seen so without being awfully wrong, since the Nano S (plus) doesn't need more than that.

legendary
Activity: 1722
Merit: 5937
ledger USB device has its own keyboard?? .. show me
You don't need a keyboard to enter seed phrase in Ledger, few buttons on the device are enough for that. It's clunky and not most convenient, but I'll take that over entering seed in some app which is way more dangerous (fake apps, keyloggers etc). Here is the video how it's done https://www.youtube.com/watch?v=XRzGix11T18

By the way, how are you doing it on your hardware wallet, if you have one?
legendary
Activity: 4270
Merit: 4534
even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.
Are there any hardware wallets that actually ask you to do something like that in any circumstances? If yes, then that's a very dangerous thing to have. So far I've been using only Ledger and the only way to enter seed phrase was directly using the device and not via Ledger Live app so if any message like that pops up, Ledger users should know that it is a fake. Not that it would stop some people entering seed anyway.

ledger USB device has its own keyboard?? .. show me
legendary
Activity: 1722
Merit: 5937
even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.
Are there any hardware wallets that actually ask you to do something like that in any circumstances? If yes, then that's a very dangerous thing to have. So far I've been using only Ledger and the only way to enter seed phrase was directly using the device and not via Ledger Live app so if any message like that pops up, Ledger users should know that it is a fake. Not that it would stop some people entering seed anyway.


This shows that we can't be safe if we do not know what we are doing.
This shows that you aren't 100% safe even if you know what you are doing (it's safe to assume that person in question knew considering his experience). Since this guy wasn't anonymous, I don't think that this was just some random attack and instead he was targeted which is a different thing than just clicking on some malware link and losing your bitcoin that way. Then again, smart people can do stupid things so maybe this was a brainfart.


jr. member
Activity: 35
Merit: 3
Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks

doesn't matter if it's a long string of characters or a bunch of words. if it has been typed into a compromised PC that a hacker can see files of.. the hacker can get it

even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.



Thanks 
legendary
Activity: 4270
Merit: 4534
Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks

doesn't matter if it's a long string of characters or a bunch of words. if it has been typed into a compromised PC that a hacker can see files of.. the hacker can get it

even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.
jr. member
Activity: 35
Merit: 3
Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks
legendary
Activity: 3472
Merit: 10611
Btw can a mixer freeze such coins knowing that they are tagged stolen in the event they try to clean them?
They won't and should not because to do so requires working with blockchain analysis companies which exist to invade people's privacy and to deanonymize bitcoin transactions, this goes against the very reason the mixer exists.
hero member
Activity: 3010
Merit: 794
I don't know what seems to be the method or reason how he was hacked, but the reality is that we shouldn't really trust our own wallets either if he got hacked. I mean think about it, dude is a bitcoin developer, he probably knows more about how safety works let alone just being safe, so he had all the knowledge and tools and items he needs to be safe and he still got hacked and all his money was stolen.

This shows that we can't be safe if we do not know what we are doing. The best thing we could do right now would be making sure that it's in a place that is secure, which is cold wallets and offline, that would be a lot better for sure.
This is what boggles most people on here, as it would really be understandable that a certain Bitcoin dev does know much more than us when it comes to safety protocols on how to store up your coins.

It wasn't cleared up where he made those lapses which resulted in such a breach. If this would be blamed on being technically stolen, does that mean that Bitcoin does have its flaws? Possibly, but close to impossible.
This is a human error obviously and not on the system itself, it just can't be clarified where he did go wrong.