Topic: Bitcoin developer @lukedashjr's wallet was hacked - page 8. (Read 12899 times)

Best thing to do is just forget about coins. No life or limb is lost. This also happened to me. I forgot encryption password for hard drive of computer. And I miss the pictures and saved games more than the bitcoins stored there. Just we must take lessons how other people failed and not repeat them.

Also I feel good that the destiny got Luke for hacking CoiledCoin. It is hard to feel sympathy for a guy who looks like crossover of Amish husband and feces-smearing Johnny Knoxville. And Luke over years have acted as one, from genuine service to humanity as a free software developer to destroying altcoins and smearing blockchain content. Luke is like my cousin. My cousin is brilliant scientist and computer hacker, but complete imbecile in human relationships and behavior.

Given the Bisq low volume, it would take you a long time to cash out 200 bitcoin that way. But I agree, cashing out 200 bitcoin at this day and age is not that hard if you know where to look, and people that managed to hack him are surely not some noobs.


Oh damn, I had no idea that it used to be like that in the early days. Just a thought of typing my seed into some web browser app or whatever it was makes me very uncomfortable. I got my Ledger Nano S back in the late 2017 (after I lost almost everything I had) and wouldn't go back on any other type of cold storage.


My guess is yes, because if he was hacked before, he would be way more careful than he was. Btw not saying that he was careless, but he would probably be extra careful it it has already happened in the past.

A very terrible way to begin the new year, although has this been the first time he lost large amounts of Bitcoin? Imagine a Bitcoin dev lossing such what would be said if same got lost by a rookie. I feel so sad for the loss because that is more than enough for anyone.

I hope everyone learns the lessons here no one is above mistakes like this all one has to do is to make sure you are well updated about the current security to back your wallet.

  I hope the news does not affect newbies and rookies entering the crypto space.

it was 600 thousand usd not 600 million usd, i made a mistake (and deleted my message but you quoted it before that lol), but yeah non KYC exchanges do seem to abound.

Fair enough, There some exchange that still doesn’t required KYC and allow 2BTC deposit and withdrawal per day. Also there are some DEX that let user buy and sell bitcoin for fiat P2P like Bisq. I believe a 200BTC can be easily cash out nowadays due to the P2P offered by DEX.

giving best practice advice vs following own advice is a human trait.

also best practice advice is sometimes too impractical.
it all depends on how much wealth you have at risk then decides how much effort you want to take to protect it

someone with just a month wage stored. may just have a seed wrote down they import into a wallet to spend and have the change go to a completely new seed based address. so that the seeds are secure each time

where as someone with more wealth might have multiple devices that separately sign and only present the signatures to each other via a air gapped method (convert to QR code and snap a picture and send it to the main system to append signatures)

some may want more then a paper wallet and have a hardware device that can enter seeds without touching a computer

there are many many many ways to back up seeds, keys, wallets. the world is your oyster, but it all depends on your personal risk/preference.

its like fiat world
only a months salary.. normal ATM visa debit card.. 'tap and pay risk' of losing maybe $100 per payment via card cloners, where when spotting it you move funds to new account

$mansion money$  set up a family trust requiring co-signer trustee's to sign off on funds to beneficiaries

some have both set up.. a multisig 'trust' for main hoard of coin. with a lite wallet seed of weekly/monthly spend amount

So, LJR apears a bit niave, he thinks office was hard to get into
Gets hacked, does not change his addressess or wallet or make a new wallet.

Also I thought he would have more than 200 BTC.

He should be able to sue his server provider for losses

This is a very big misconception, there are much more risks here, the first and simplest - Binance can simply freeze your coins, simply block your account. There are such cases, so they cannot be ruled out. If you give an example of hacking an exchange, then in this case the withdrawal will also be closed to all users until the circumstances are clarified, and believe me, no one will compensate for this from their coins.

You should never trust your money to exchanges, FTX is an example that should have made everyone think about it seriously, but I see that this is not clear to everyone.

This is a warning sign, not many people can understand better than these people in the safe storage of bitcoin, but as we can see, no one can be sure that their coins are safe.

How then to proceed in this case, is it worth separating our coins into different cold wallets, part per ledger, etc., or what? In fact, this is a very serious issue that should not be put off.

years back first generation hardware wallets were just USB devices that when plugged in, opened a webbrowser with the interface being a webpage(facepalm) . so soo soo many flaws back then

but yes these days and those days dont trust anything requesting your seed phrase on a pc's screen unless you have a way to prove its a genuine thing asking for it. and good to see new ledgers allow key inputs via devices(i havnt bothered looking into hardware wallets for years.)

Yeah if I saw a message like that pop up on any damned device, I'd know I was hacked and immediately wash off.

Problem is, and I'm sure I'm not exaggerating, most people, not some, would enter their seed phrase if they saw a message requesting it.

Now that actually reminds me that I've rarely seen warning messages about never ever responding to seed phrase requests...

And this is basically how 90% of it gets done, purely social engineering hacking and not brute forcing.

I see that franky1 has given you good answers, so I won't get there too.
All I can add is a recommendation to make a new (spin-off) topic about this if you want to continue this debate, since here it's off-topic.


It has 2 buttons. A bit unnatural to call it keyboard, but it can be seen so without being awfully wrong, since the Nano S (plus) doesn't need more than that.

You don't need a keyboard to enter seed phrase in Ledger, few buttons on the device are enough for that. Its clunky and not most convenient, but I'll take that over entering seed in some app which is way more dangerous (fake apps, keyloggers etc). Here is the video how its done https://www.youtube.com/watch?v=XRzGix11T18

By the way, how are you doing it on your hardware wallet, if you have one?

ledger USB device has its own keyboard?? .. show me

Are there any hardware wallets that actually ask you to do something like that in any circumstances? If yes, then that's a very dangerous thing to have. So far I've been using only Ledger and the only way to enter seed phrase was directly using the device and not via Ledger Live app so if any message like that pop up, Ledger users should know that it is a fake. Not that it would stop some people entering seed anyway.


This shows that you aren't 100% safe even if you know what you are doing (its safe to assume that person in question knew considering his experience). Since this guy wasn't anonymous, I don't think that this was just some random attack and instead he was targeted which is a different thing than just clicking on some malware link and losing your bitcoin that way. Then again, smart people can do stupid things so maybe this was a brainfart.

Thanks 

doesnt matter if its a long string of characters or a bunch of words. if its has been typed into a compromised PC that a hacker can see files of.. the hacker can get it

even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.

Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks

They won't and should not because to do so requires working with blockchain analysis companies which exist to invade people's privacy and to deanonymize bitcoin transactions, this goes against the very reason the mixer exists.

This is what boggles most people on here which it would really be that understandable that a certain Bitcoin dev does know much more than us when it comes to safety protocols on how to store up your coins.

It wasnt cleared out on where he did make out those lapses which it did result into such breach if this would be blamed out technically stolen which does means that Bitcoin does have its flaws? Possibly but close
to impossible.
This is a human error obviously and not on the system itself,it cant just be clarified on where he did go wrong.