Topic: Moderator Account may be compromised? (Read 430 times)

I would've done it but I'm afraid of getting banned from the wiki for spam (besides, Lukejr was the admin who gave me the edit perms in the first place IIRC, so with him distracted, who would give it to me now?  )

I really don't know what was Luke-Jr setup, that's why I still have my doubts that this story is for real.

franky1 has a post in another topic which could be relevant information (if it's correct, which I don't know). There may be that some of the old/original bitcoiners may have a different view on what is cold storage and that wallet may have been exposed to his LAN, which probably got compromised.

Of course, while any minimal security measures were okay 10 years ago, anybody with a sense of reality would know that more and more security is needed with every year passing and every more dollar on the price.

But... these are well known... Do you think that Luke-Jr was not aware of such procedures and he made am amateur mistake...?

---

Regarding Satoshi's email, it wasn't his fault. It wasn't even the fault of the email provider. The email address simply expired and someone tenacious enough, which probably followed that email everyday (or maybe someone very, very lucky), found the exact day when the email could be registered again.

It may sound incredible, but I am sure that there are people around the world which pursue such moments, hoping that their victim forgot about -- whatever thing they look for. For example, I remember a post related to prolonging expiry date for bitcoin.org and bitcointalk.org. Don't you think that there are also many malevolent (I mean no pun toward our malevolent ) individuals, which keep counting until these domains expires, eagerly waiting to see if either Cøbra or theymos maybe forgot to pay for the domains and, if such thing would happen, they would quickly buy the domains? Same happened to Satoshi's email, I guess...

About Luke-Jr, maybe he will come up here and describe the situation a bit more, thus we can also understand what really happened...

That's correct -- he wasn't at fault. The email name expired and somebody else grabbed it and re-registered it.


That's true but its also poor form to accept what the new owner would write under his name w/o some sort of PGP signature proof... unless its Luke-Jr's PGP proof I suppose.

Dude seemed to be begging for a security incident like this to happen. I call it karma for using his position to attempt to unilaterally stifle one of the most innovative platforms to ever be built atop Bitcoin.


A lot of overconfident crypto gurus got rekt in 2022; it appears the trend isn't over yet.

I'm not saying this is what happened, but it's not uncommon for some of the more talented security experts to be compromised themselves. It comes down to that age old debate of security vs convenience, and a lot of the time by human nature we'll pick convenience. Again, not saying that's what happened here. I'm saying it's very easy to get complacent, and make mistakes. For example, I believe Satoshi's email was compromised, despite them being something of a security expert to implement what they did into Bitcoin. Now, I can't remember the specifics so it may have been that Satoshi wasn't at fault, and the company that hosted it was. However, you could argue that's even poor security since they don't own the email, and relied on a third party.

I'm sure some of the details will emerge once they've gotten to the bottom of it, and it's very likely a user error, and not something fundamentally wrong with Bitcoin.

Use cold storage safer, i.e. transfer tx via images, not USB stick between cold and hot storage or simply use hardware wallet.
Make sure the private keys have never been and never will be on a computer that will go online, not even for printing them.

This kind of precautions should at least keep the cold storage safe.

So he knew he was attacked a month ago and now lost the coins? Must have been a very slow hacker but the victim seems to be even slower.

Stay anonymous no matter what.

Apparently, it is not a joke...


Luke-Jr is not a forum moderator, but a person very important for Bitcoin, for Bitcoin development and also for its history. He is one of the most iconic figures which worked for Bitcoin. According to his LinkedIn profile, he works on developing Bitcoin and Bitcoin Core since 2011. Among his greatest achievements, he mentions the following the following (highlight is mine):

- Longest-contributing Bitcoin Core developer, since the start of 2011
- Lead maintainer of the enhanced Bitcoin Knots derivative
- Diagnosis and addressing of various security issues, some critical to the Bitcoin network (including many CVEs)
- Assist in community outreach/education by regular interaction on Twitter and reddit, as well as occasional conferences and meetups
- Current editor/maintainer of the Bitcoin Improvement Proposals standards process and repository
- Maintainer of BFGMiner (formerly cgminer) Bitcoin mining software
- Ongoing research into protocol changes (hardforks, softforks, extension blocks, forward blocks, etc)
- Ongoing research into safe block sizes/weights, network security models, etc
- Maintain real-time Bitcoin network statistical information, monitoring network security, software being used, etc
- Maintain Gentoo packages for various software projects, including Bitcoin Core and Knots
- Helped design Segwit as a softfork (BIP 141), and updated getblocktemplate for Segwit (BIPs 9 & 145)
- Assisted in careful deployment of the BIP 148 Segwit UASF, avoiding a possible catastrophic chain split
- Wrote KYCPoll, polling software to use Bitcoin exchange KYC for human verification, to aide in measuring community support for proposals
- Research into the concept of sidechains and co-authored the original sidechains whitepaper
- Primary author of "getblocktemplate" decentralized mining protocol standard (BIP 22/23) as well as reference implementations in C and Python
- Founder and former operator of Eligius mining pool
- Provided an alternative implementation of P2SH (OP_CHECKHASHVERIFY, BIP 17)
- Designed a number of mining pool reward systems to ensure fair division of mining rewards
- Expanded BTC precision from 2 decimal points to 8.

---

All in all, when even such profilic coder, which such vast knowledge, gets into such situation, we all should raise question marks. What actually happened to him? How was his key compromised? What can we also do to better ourselves and avoid such situation? Is there anything he could do do avoid this? And so on...

He was moderator of the bitcoin wiki section here in meta. That changed after this post was made.

https://i.imgur.com/XIDfB3G.png

I've just found out that this topic is also discussed on Bitcoin Discussions.
And @tranthidung does have a point: this may not be META material.

...So... maybe we continue there? https://bitcointalksearch.org/topic/bitcoin-developer-lukedashjrs-wallet-was-hacked-5432665

Asking government agency for help over Twitter was such a silly move from Luke :/
Bitcoin Knots wallet is also affected by this because it is signed by Luke Dashjr's OpenPGP key, so if you are using this wallet better stop right now.

I checked BTC address Luke posted and it's possible that he lost around 200 Bitcoin because of this, and he claims they compromised him a while ago and planned for this.
There is still a possibility that his Twitter account was hacked because nothing about this was posted on Mastodon and other platforms.
It would be great to see him making a post about this in bitcointalk forum.

Worst thing about this incident is that we have CZ ''savior'' who claims he will now FREEZE Bitcoin connected with Luke Dashjr if someone sends them to his Binance exchange.  

https://twitter.com/cz_binance/status/1609663902610034691

I know that he's one of the known Bitcoin Core devs and I know that he's on other projects too and since his PGP key has to be considered compromised, people should be very careful.
About what's his role on this forum... this is his account, I don't know if he's mod on the forum.

And while OP may be wrong on the mod part, the rest is quite concerning (for both sloppiness and the actual fact he got hacked).

LOL. Is it a joke or a drama for a new year?

I have never known about Luke Dash Jr. but I am thankful for your feed from which I did a search and here we go with

• [BCT FACT] Bitcointalk was originally on Bitcoin.org but ... drama
• I actually read that topic in 2019 but totally forgot it and Luke was not in my mind.
• A related announcement Forum moved to bitcointalk.org

That chat log is too long and I did not read it all. Excuse me, who is Luke Dash Jr.? Is he one of forum moderators?

According to Peter Todd it's not a Twitter hack and it's for real
https://mobile.twitter.com/peterktodd/status/1609655629903265795

Although I fail to understand that
* everything is lost, even cold storage (come on...)
* he was asking FBI for help

Seems he was targeted with some malware ...


https://twitter.com/LukeDashjr/status/1593227756841578496?s=20

While I'm on the side that his social handle was compromised and the tweet could likely be fud created by who controls the account now, I would also say that should it be true, it doesn't reflect on the state of the Bitcoin protocol.

An experienced user can make a mistake an slip up, this doesn't make Bitcoin less safe or secure, it just means that someone wo should know better didn't.

If a lot of others don't make any mistakes when ensuring their security, they would not get compromised.

Perhaps, he should worry less about COVID and more about security.

Also, it's a pretty bad fucking sign when one of the top contributors is getting rekt.  I suspect we will see some severe dominos flopping this year.

If Luke can get hacked... a lot of others can be too.

A long time ago, I asked GoDaddy if they would please accept Bitcoin, and their response was basically "We won't ever accept Bitcoin because Bitcoins have a tendency to go missing overnight."  People have tried to paint Bitcoin as a safe investment... when it's simply not safe at all.  I love Bitcoin, but we are in new waters here and high risk as hell, in more ways than one.

I wonder how much of his code contributed to Bitcoin is leaky too.

"Luke Warm" wallets... can we add that term to the Bitcoin Wiki, please?!

My thoughts too. Surely at $18 million if you cared about the funds you'd think twice about storing them online or in any way that'd make them easier to attack. Edit: unless the funds were held by those keys to confirm whether they had been compromised or not - an attacker finding $2 million might be happier with that instant reward over trying harder to mess up more systems.

Also, the lack of signed message doesn't make much sense either - it would be one of the fastest and most reliable ways to prove the key was actually compromised rather than the twitter account.

Let's wait for it.
It's unlikely a core developer will have such low IQ.

By the way, it's not April 1st. Right? :-P