Pages:
Author

Topic: Moderator Account may be compromised? (Read 452 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 04, 2023, 01:40:08 PM
#25
"Luke Warm" wallets... can we add that term to the Bitcoin Wiki, please?!

I would've done it but I'm afraid of getting banned from the wiki for spam (besides, Lukejr was the admin who gave me the edit perms in the first place IIRC, so with him distracted, who would give it to me now?  Undecided)
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 03, 2023, 01:42:52 PM
#24
But... these are well known... Do you think that Luke-Jr was not aware of such procedures and he made am amateur mistake...?

I really don't know what was Luke-Jr setup, that's why I still have my doubts that this story is for real.

franky1 has a post in another topic which could be relevant information (if it's correct, which I don't know). There may be that some of the old/original bitcoiners may have a different view on what is cold storage and that wallet may have been exposed to his LAN, which probably got compromised.

Of course, while any minimal security measures were okay 10 years ago, anybody with a sense of reality would know that more and more security is needed with every year passing and every more dollar on the price.
legendary
Activity: 1680
Merit: 6524
Fully-fledged Merit Cycler|Spambuster'23|Pie Baker
January 03, 2023, 12:57:08 PM
#23
[...]

But... these are well known... Do you think that Luke-Jr was not aware of such procedures and he made am amateur mistake...?



For example, I believe Satoshi's email was compromised, despite them being something of a security expert to implement what they did into Bitcoin. Now, I can't remember the specifics so it may have been that Satoshi wasn't at fault, and the company that hosted it was. However, you could argue that's even poor security since they don't own the email, and relied on a third party.

Regarding Satoshi's email, it wasn't his fault. It wasn't even the fault of the email provider. The email address simply expired and someone tenacious enough, which probably followed that email everyday (or maybe someone very, very lucky), found the exact day when the email could be registered again.

It may sound incredible, but I am sure that there are people around the world which pursue such moments, hoping that their victim forgot about -- whatever thing they look for. For example, I remember a post related to prolonging expiry date for bitcoin.org and bitcointalk.org. Don't you think that there are also many malevolent (I mean no pun toward our malevolent Smiley) individuals, which keep counting until these domains expires, eagerly waiting to see if either Cøbra or theymos maybe forgot to pay for the domains and, if such thing would happen, they would quickly buy the domains? Same happened to Satoshi's email, I guess...

About Luke-Jr, maybe he will come up here and describe the situation a bit more, thus we can also understand what really happened...
legendary
Activity: 3010
Merit: 8114
January 03, 2023, 11:48:36 AM
#22
For example, I believe Satoshi's email was compromised, despite them being something of a security expert to implement what they did into Bitcoin. Now, I can't remember the specifics so it may have been that Satoshi wasn't at fault, and the company that hosted it was.

That's correct -- he wasn't at fault. The email name expired and somebody else grabbed it and re-registered it.

However, you could argue that's even poor security since they don't own the email, and relied on a third party.

That's true but its also poor form to accept what the new owner would write under his name w/o some sort of PGP signature proof... unless its Luke-Jr's PGP proof I suppose.

Dude seemed to be begging for a security incident like this to happen. I call it karma for using his position to attempt to unilaterally stifle one of the most innovative platforms to ever be built atop Bitcoin.

Great news! Pay-to-PubKeyHash Functionality Added
https://www.counterparty.co/pay-to-pubkeyhash-functionality-added/
Great news! Filter added to block this crap in less than 5 minutes, and 1 line of code.

A lot of overconfident crypto gurus got rekt in 2022; it appears the trend isn't over yet.
staff
Activity: 3304
Merit: 4115
January 03, 2023, 11:29:57 AM
#21
I'm not saying this is what happened, but it's not uncommon for some of the more talented security experts to be compromised themselves. It comes down to that age old debate of security vs convenience, and a lot of the time by human nature we'll pick convenience. Again, not saying that's what happened here. I'm saying it's very easy to get complacent, and make mistakes. For example, I believe Satoshi's email was compromised, despite them being something of a security expert to implement what they did into Bitcoin. Now, I can't remember the specifics so it may have been that Satoshi wasn't at fault, and the company that hosted it was. However, you could argue that's even poor security since they don't own the email, and relied on a third party.

I'm sure some of the details will emerge once they've gotten to the bottom of it, and it's very likely a user error, and not something fundamentally wrong with Bitcoin.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 03, 2023, 04:01:13 AM
#20
What can we also do to better ourselves and avoid such situation? Is there anything he could do do avoid this?

Use cold storage safer, i.e. transfer tx via images, not USB stick between cold and hot storage or simply use hardware wallet.
Make sure the private keys have never been and never will be on a computer that will go online, not even for printing them.

This kind of precautions should at least keep the cold storage safe.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
January 02, 2023, 04:35:58 PM
#19
Seems he was targeted with some malware ...

So he knew he was attacked a month ago and now lost the coins? Must have been a very slow hacker but the victim seems to be even slower.
copper member
Activity: 1330
Merit: 899
🖤😏
January 02, 2023, 11:54:23 AM
#18
Is there anything he could do do avoid this?
Stay anonymous no matter what.
legendary
Activity: 1680
Merit: 6524
Fully-fledged Merit Cycler|Spambuster'23|Pie Baker
January 02, 2023, 11:05:59 AM
#17
LOL. Is it a joke or a drama for a new year?

Apparently, it is not a joke...

Excuse me, who is Luke Dash Jr.? Is he one of forum moderators?

Luke-Jr is not a forum moderator, but a person very important for Bitcoin, for Bitcoin development and also for its history. He is one of the most iconic figures which worked for Bitcoin. According to his LinkedIn profile, he works on developing Bitcoin and Bitcoin Core since 2011. Among his greatest achievements, he mentions the following the following (highlight is mine):

- Longest-contributing Bitcoin Core developer, since the start of 2011
- Lead maintainer of the enhanced Bitcoin Knots derivative
- Diagnosis and addressing of various security issues, some critical to the Bitcoin network (including many CVEs)
- Assist in community outreach/education by regular interaction on Twitter and reddit, as well as occasional conferences and meetups
- Current editor/maintainer of the Bitcoin Improvement Proposals standards process and repository
- Maintainer of BFGMiner (formerly cgminer) Bitcoin mining software
- Ongoing research into protocol changes (hardforks, softforks, extension blocks, forward blocks, etc)
- Ongoing research into safe block sizes/weights, network security models, etc
- Maintain real-time Bitcoin network statistical information, monitoring network security, software being used, etc
- Maintain Gentoo packages for various software projects, including Bitcoin Core and Knots
- Helped design Segwit as a softfork (BIP 141), and updated getblocktemplate for Segwit (BIPs 9 & 145)
- Assisted in careful deployment of the BIP 148 Segwit UASF, avoiding a possible catastrophic chain split
- Wrote KYCPoll, polling software to use Bitcoin exchange KYC for human verification, to aide in measuring community support for proposals
- Research into the concept of sidechains and co-authored the original sidechains whitepaper
- Primary author of "getblocktemplate" decentralized mining protocol standard (BIP 22/23) as well as reference implementations in C and Python
- Founder and former operator of Eligius mining pool
- Provided an alternative implementation of P2SH (OP_CHECKHASHVERIFY, BIP 17)
- Designed a number of mining pool reward systems to ensure fair division of mining rewards
- Expanded BTC precision from 2 decimal points to 8.



All in all, when even such profilic coder, which such vast knowledge, gets into such situation, we all should raise question marks. What actually happened to him? How was his key compromised? What can we also do to better ourselves and avoid such situation? Is there anything he could do do avoid this? And so on...
full member
Activity: 574
Merit: 152
January 02, 2023, 10:23:37 AM
#16
And while OP may be wrong on the mod part, the rest is quite concerning (for both sloppiness and the actual fact he got hacked).

He was moderator of the bitcoin wiki section here in meta. That changed after this post was made.

https://i.imgur.com/XIDfB3G.png
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 02, 2023, 05:23:13 AM
#15
I've just found out that this topic is also discussed on Bitcoin Discussions.
And @tranthidung does have a point: this may not be META material.

...So... maybe we continue there? https://bitcointalksearch.org/topic/bitcoin-developer-lukedashjrs-wallet-was-hacked-5432665
legendary
Activity: 2212
Merit: 7064
January 02, 2023, 05:14:38 AM
#14
Asking government agency for help over Twitter was such a silly move from Luke :/
Bitcoin Knots wallet is also affected by this because it is signed by Luke Dashjr's OpenPGP key, so if you are using this wallet better stop right now.

I checked BTC address Luke posted and it's possible that he lost around 200 Bitcoin because of this, and he claims they compromised him a while ago and planned for this.
There is still a possibility that his Twitter account was hacked because nothing about this was posted on Mastodon and other platforms.
It would be great to see him making a post about this in bitcointalk forum.

Worst thing about this incident is that we have CZ ''savior'' who claims he will now FREEZE Bitcoin connected with Luke Dashjr if someone sends them to his Binance exchange.  Roll Eyes

Quote
“Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide”
https://twitter.com/cz_binance/status/1609663902610034691
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 02, 2023, 04:37:35 AM
#13
Excuse me, who is Luke Dash Jr.? Is he one of forum moderators?

I know that he's one of the known Bitcoin Core devs and I know that he's on other projects too and since his PGP key has to be considered compromised, people should be very careful.
About what's his role on this forum... this is his account, I don't know if he's mod on the forum.

And while OP may be wrong on the mod part, the rest is quite concerning (for both sloppiness and the actual fact he got hacked).
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
January 02, 2023, 03:39:44 AM
#12
This came across my newsfeed; https://i.imgur.com/eguNNcT.png

Not really sure which sub-topic to post in.
LOL. Is it a joke or a drama for a new year?

I have never known about Luke Dash Jr. but I am thankful for your feed from which I did a search and here we go with

That chat log is too long and I did not read it all. Excuse me, who is Luke Dash Jr.? Is he one of forum moderators?
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
January 02, 2023, 02:20:45 AM
#11
According to Peter Todd it's not a Twitter hack and it's for real
https://mobile.twitter.com/peterktodd/status/1609655629903265795

Although I fail to understand that
* everything is lost, even cold storage (come on...)
* he was asking FBI for help

FYI I've confirmed that this is real and not a Twitter hack via a mutual friend.

IIUC he used Gentoo as his desktop and didn't keep different activities separated. So backdoored software is one of many ways this could happen; he may not have been targeted.

Use @QubesOS
 people.
Quote Tweet
@[email protected] on Mastodon
copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
January 01, 2023, 10:47:34 PM
#10
Seems he was targeted with some malware ...


https://twitter.com/LukeDashjr/status/1593227756841578496?s=20
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
January 01, 2023, 10:43:38 PM
#9
Also, it's a pretty bad fucking sign when one of the top contributors is getting rekt.  I suspect we will see some severe dominos flopping this year.
While I'm on the side that his social handle was compromised and the tweet could likely be fud created by who controls the account now, I would also say that should it be true, it doesn't reflect on the state of the Bitcoin protocol.

An experienced user can make a mistake an slip up, this doesn't make Bitcoin less safe or secure, it just means that someone wo should know better didn't.

If Luke can get hacked... a lot of others can be too.
If a lot of others don't make any mistakes when ensuring their security, they would not get compromised.
legendary
Activity: 4004
Merit: 1250
Owner at AltQuick.com
January 01, 2023, 10:22:15 PM
#8
Perhaps, he should worry less about COVID and more about security.

Also, it's a pretty bad fucking sign when one of the top contributors is getting rekt.  I suspect we will see some severe dominos flopping this year.

If Luke can get hacked... a lot of others can be too.

A long time ago, I asked GoDaddy if they would please accept Bitcoin, and their response was basically "We won't ever accept Bitcoin because Bitcoins have a tendency to go missing overnight."  People have tried to paint Bitcoin as a safe investment... when it's simply not safe at all.  I love Bitcoin, but we are in new waters here and high risk as hell, in more ways than one.

I wonder how much of his code contributed to Bitcoin is leaky too.

"Luke Warm" wallets... can we add that term to the Bitcoin Wiki, please?!
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
January 01, 2023, 09:47:51 PM
#7
Or is the twitter account that's compromised and posting nonsense?
Unless Luke posts a revocation cert for the allegedly compromised PGP key, I'm guessing it's this one.
Let's wait for it.
It's unlikely a core developer will have such low IQ.

By the way, it's not April 1st. Right? :-P

My thoughts too. Surely at $18 million if you cared about the funds you'd think twice about storing them online or in any way that'd make them easier to attack. Edit: unless the funds were held by those keys to confirm whether they had been compromised or not - an attacker finding $2 million might be happier with that instant reward over trying harder to mess up more systems.

Also, the lack of signed message doesn't make much sense either - it would be one of the fastest and most reliable ways to prove the key was actually compromised rather than the twitter account.
legendary
Activity: 2464
Merit: 3878
Hire Bitcointalk Camp. Manager @ r7promotions.com
January 01, 2023, 09:35:58 PM
#6
Or is the twitter account that's compromised and posting nonsense?
Unless Luke posts a revocation cert for the allegedly compromised PGP key, I'm guessing it's this one.
Let's wait for it.
It's unlikely a core developer will have such low IQ.

By the way, it's not April 1st. Right? :-P
Pages:
Jump to: