Bitcoin Forum

It appears more than $3 million in bitcoin was stolen. This is very sad to see and I reckon some people should not make fun of this similar to those imbeciles who are replying in this thread in Twitter.



PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please.

Source https://mobile.twitter.com/lukedashjr/status/1609613748364509184

Looks like some of it is coinjoined to 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa

Source https://mobile.twitter.com/LukeDashjr/status/1609621375349555204

432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190

4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851

50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6

Source https://mobile.twitter.com/LukeDashjr/status/1609657854113218560

These are terrible news. Was his PGP hacked and the keys found there? Weren't his keys stored offline? I think it's better to rely on a good and old notebook than on any digital devices...

I hope he can track the hacker's addresses and reach authorities faster as possible to get them before the coins are mixed and disappear forever. As I see, he has already tagged FBI on Twitter. Hopefully he will recover his coins!

He has since released an update saying everything's gone. PGP and cold wallet compromised. That's hundreds of Bitcoin stolen.

I wish he provided more details as to what exactly happened. I hope he'll get back and provide more facts. People are now asking questions, speculating on what might have happened.

I'm looking forward to hearing the two cents of experts here. There will be many lessons to learn from this unfortunate incident involving no less than a Bitcoin developer himself who is fully aware of all the necessary security measures.

In the absence of a revocation cert for the allegedly compromised PGP key, my money's on his Twitter account being hacked and posting FUD. Does Twitter even still have a security team after Ol' Musky's latest round of firings?

FBI wouldn't even read his tweets, they are slow and of no use. He should track and contact the exchanges asking them to freeze the funds incase the hacker tries to deposit in any of the top ones to convert the coins into stables.

---

After loosing everything, a normal human wouldn't be in the state of explaining things for quite sometime. Lets give his mind sometime to accept the fact, although we know its his own mistake somewhere :(

Nope, none to speak of Twitter is mostly on autopilot at this point.

But until we here more directly from him I would think it's his Twitter account that has been hacked.
His account logged in here last on Christmas eve. (My time)
But no posts for months.

And unless he was doing something odd, his PGP keys have nothing to do with his BTC.

I'm also guessing that he could at least pick up the phone and call someone to make a post / comment here if he could not log in for some reason.

-Dave

That is good. CZ from Binance has already replied to his tweet:

https://i.imgur.com/74S3MUr.png

---

Anyway, if it were a prank, why would anyone hack his Twitter account, and post a BTC address containing 200+ BTC received recently with no transactions ever sent?

Maybe I am wrong but I think that his Twitter is perhaps compromised and it’s not him posting. He is a smart guy. He probably has iron clad security.

Because I find it odd he would post “fbi please help” or saying his PGP is compromised which wouldn’t do anything related to his hot wallet. Only the software he signs.

Also if it’s true cold storage it’s not possible to get that stolen. I think that his Twitter is hacked due to the leak last week and he is going to post a “please send donations” tweet and that’s the payoff in this hack.

That is an odd statement for anyone who has been around as long as luke-jr to make. How is a PGP key related to bitcoins being stolen? And what kind of help is he expecting to get?

Peter Todd claims it's real: https://twitter.com/peterktodd/status/1609655629903265795, as does midnightmagic: https://twitter.com/midmagic/status/1609734368599347202

I've also heard from a couple of other secondhand sources that this is real, but I have not checked with luke myself.

---

If they were being kept on the same machine that has been compromised, that's how.

Help with doing forensics to figure out what happened, help with recovering the funds. And just generally, probably panicking too.

How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong?

He is not giving us much detail but what if this wasn’t a hack but instead someone physically broke into his house. He is claiming that they got his Bitcoin on cold storage, how else can that be stolen?

If hardware wallet or electrum was compromised then we would get more reports. Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.

No idea what to make of this. There is also a poll and 65% think he wasn’t really hacked.

This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin.

Good lord. I usually go "meh, another careless dude" when someone gets hacked, but we're talking about Luke here — an actual OG developer; probably a hundred times more technically literate than me. This made me nervous as hell.

he said his server was hacked a couple months ago.. compromising his PGP key..
thus he probably had a hot wallet and pgp key store on his server that was hacked

doubt it was a burglar entering his house to steal his hardware wallet. he would notice that and not be questioning "how"

Yes this seems like the most possible explaination but he is saying the server didn’t store any bitcoins or have access to those bitcoins.

Reading his posts he claims that he has bars on his office windows, and has a large heavy door that he locks with the key. And he also keeps everything separate on his activity between different computers.

And reading more into this, it seems it might actually be real and freaking out how this can happen to someone with security so tight and somehow got his bitcoins stolen.

Here is the tweet about it: https://mobile.twitter.com/LukeDashjr/status/1593227756841578496

I am actually thinking the other way, that something else on his network was compromised and that allowed access to his server.
But if they also got private keys in cold storage then it could also be a physical attack that he was not aware of or something else.

He said that the attack on his serves was targeted to them.

Very strange. But, not out of the realm of possibility.

-Dave

precisely on November 17, 2022 he said in his tweet that an unknown person accessed his server and a full analysis is underway.
https://twitter.com/LukeDashjr/status/1593227756841578496

But whether he continued to trace it or not, perhaps he assumed that the attack was just an ordinary attack. But in fact it currently has an impact on hacking the PGP Key it has.

A Reddit user calling himself SatStandart suggested that Dashjr not separate different activities
https://www.reddit.com/r/CryptoCurrency/comments/100tn95/bitcoin_core_dev_gets_more_than_200_btc_stolen/

Dashjr also informed users in his latest Twitter thread that he only became aware of the recent hack after getting emails from Coinbase and Kraken about login attempts.

CZ as The CEO of Binance also expressed his concern via Twitter at the hacking incident experienced by Luke Dashjr.
https://twitter.com/cz_binance/status/1609663902610034691

LukeDashjr, as the core developer of Bitcoin Core, can be hacked, especially for those of us who are nobody, of course it's easier to hack. But this is also due to weak security levels and needing updates and not being careless and taking every attack seriously.

If someone like that is not using multi-sig or a hardware wallet then they are asking for trouble.

Hate to say it, but he is a big freaking target for hacks, not even to get to his BTC but to get access to what else he has access to in terms of development and coding and private discussions with others. Getting what he had in his hot wallet on his workstation is probably a bonus. As he posted his implementation of Knots may have been compromised. That could have been a much bigger target.

-Dave

Maybe so, but I trust crypto, not secondhand sources. Wake me up when the PGP key's revoked.

speculated scenarios based on limited stuff said:

"email notifications from kraken/coinbase"
maybe the hacker got to the coins he had on an exchange

or

he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice))
and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"

both seem more plauible than a burglar entering his house.. again she would notice and not be questioning the how if his house was compromised

That's a coordinated/targeted-attack, and probably his way of securing the keys were not very good enough. I believe we should learn from this, and start using different paths/strategies to secure our keys. If you have your whole savings in Bitcoin it's probably better to use different wallets and secure them differently to confuse the attacker. Use - Hardware Wallets, Encrypted Wallets, and other wallets written down and secured through lock/key vaults.

It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.


1. It won't be end of Bitcoin if Bitcoin switch to quantum-resistant cryptography.
2. Bitcoin don't use encryption protocol, but digital signature and hash cryptography.

Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...

While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account (https://bitcoinhackers.org/@lukedashjr).

Well, that's just great, new year starting with this story for bitcoin, mixers are always involved in theft related to btc, they are going to mix and get away with it. Feeling sad for the guy.

What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security.
Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?

Get a hardware wallet. Or a SeedSigner device.
...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.

If you're adding a secondary cold storage:
* you're doing it wrong
* you've misunderstood something and need to read more

However, this is off topic, if you have more questions please make a new topic with them.

To me, this story is incredible, that a man who should understand all the risks and secure his funds better than most is hacked in this way? If by any chance it was an online/hot wallet, everything would still make sense, but a cold wallet should be immune to all online attacks, even though @ETFbitcoin mentions a possible way to compromise such storage.

It would be nice if everything was actually a consequence of Twitter's still poor security and that someone was playing a little with hacked profiles...

You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup.
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.

This is not good at all.
We don't want Binance freezing coins all the time, and we already know that CZ would love to control Bitcoin blockchain and reverse transactions whenever he wants.

The QR code idea is genius. No need to be connected to the internet and therefore much more secure.
I'll be binge reading a lot of articles and information in the next few days.
Thanks.

Speaking of CZ now this incident support his claim about self-custody being more risky.  The follow up article after the initial report on the hack talks about the reaction of the community with regards to the incident of hacking.  And now the reaction is negative because the issue of self-custody is being highlighted and many worry that even the core developer who should be knowledgeable on security has been hacked, what more their grandma's wallet.


Other assumption thinks that the incident of is just a boating incident to avoid paying taxes[1].

---

[1] https://cointelegraph.com/news/bitcoin-core-developer-claims-to-have-lost-200-btc-in-hack

Thanks for the tip. Will definitely look into it.
Let's assume Luke is being truthful and did get hacked. How hard is it going to be for the hacker to turn those BTC into cash? I saw a tweet where CZ said if they are moved to Binance they will be frozen. I'm assuming other major crypto reserves will do the same since an online footprint has been left behind?

Considering this is a Bitcoin developer we are dealing with, they are going to take this matter very seriously. It's not like he's going to get stonewalled by endless layers of customer support bots & human reps like us ordinary plebs do...

---

I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.

lol you are right though, the only reason Luke is getting so much assistance and help (which I am happy about) is because he is a high profile individual. I've seen countless threads online where similar things have happened albeit with much less BTC and it is not taken seriously.

Well this is a bad story.

200 BTC are huge money for most of us, but Luke Himself said it' a "large" part, not "all" of his Bitcoins.

Two consequences:
1.A  lot of bad FUD will come out of this story. "if even an OG bitcoin- core developer" cannot take his Bitcoin safe, who on Earth will be able to do so?"
2.Many of us will review practices to become more responsible managing satoshi. A long overdue review of all the processes involving UTXO manipulation will be carried out by most of us, following this new. And this is a good thing.

A question arose on the point of security and how secure can we keep our keys and Bitcoins safe, if it's not even safe at our home. If a core dev like Luke can lose his btc stored since a long time, then anybody here will panic and will try to find the best possible way to store their coins so not to become a victim of such a consequence.

I'm feeling extremely sad on Luke's part but as we have never held 200 btc (most of us) till date, I don't think we are capable of knowing how he must be thinking atm.

like myself. i have hoards from earlier years. that have not been moved. so due to lack of multisig in early years it wouldnt have been put on multisig when first received. and (even i havnt) bothered to move coins from old stash

if using multisig when its just you using all the keys. multisig ais a little pointles because you have to bring the keys together into one computer to compute address and also to make spends. thus pointless using becasue the keys would be just as compromised

multisog is only useful for multiple parties to sign separately in separate locations and then only need to append signature to a raw tx
...

coins were not on a hardware wallet. as that also requires moving coins from old addresses

he said he had alot of old legacy keypairs, some on a hot wallet and some backed up in physical form(paper wallet, usb stick) stored in a physical house-safe

he said he doesnt have a hardware wallet or airgapped pc.

As I said, this story will have te positive fallout of making us reconsider why we "didn't bother" to do something.

Not stating that multisig is the right choice, but the "didn't bother to..." is the wrong one.
Every action, or every non action, means there is a need of an assessment of risks.

I don't understand why anyone would panic and feel insecure at this moment, because no one hacked Bitcoin, but one man obviously made a wrong step somewhere and now he paid the price for it. The fact is that such a thing shouldn't have happened to a person like him, but it shouldn't have happened to the computer scientist whose HDD ended up in the trash, or to the engineer who forgot the device password and now only has a few attempts before the device resets.

People have always been and will remain the weakest link in any setup, no matter how secure it may seem at some point.

The transaction weren't conjoined. If there were a conjoin he wouldn't possibly be traced to a final address.
He might mean that PART of the input in those transactions are his original UTXO?

1YAR.. is not an address under his control, so the heuristic claiming all the funds are from this hack has to be proven.
For sure, he is not adding clarity to this story.

i would say even i got complacent...
thinking back i probably also have my keys at some point touching atleast three PC's i own (not this one i use for forum/lifestyle internet use. im not that dumb)
and i havnt moved the coins in over a decade. so i probably will be moving my stash to fresh keys (when i can be bothered) where the new private keys have not touched a online pc

i kinda dont feel its complacency. it was more of a trophy to not want/need to touch/move coins in years. but from this saga, i can see it from an outsiders prospective of being like complacency

so i agree it might kick some people up the ass to motivate them passed the 'trophy hoard' mindset (appeal of not moving=its own proof of patience. (that my excuse anyways))

This year has started terribly for him, to loose $3 million at the beginning of the year where there are many expenses to bother you already is a very sad story. This story only is a reminder that anyone can be hacked if they let their guard down. Anyone can be target regardless of how well you know about bitcoins or not, if you don't practice safe security measures and you let your guard down even for a day, It can put your bitcoins in danger of being stolen. I sincerely hope he finds out how he was hacked to prevent it from happening in the future.

Not trying to joke around or anything.  But could this be a 'lost my Monero in a boat accident' kind of 'hack'?  I can not wrap my head around how this could have happened.  Unless lukedashjr's way of storing his balance was mediocre.

-----

You see.  I think it is wrong to tie some body's domain to how much knowledge they have about a particular subject or to how good their behavior is.  May be a smart guy, but this does not stop him from being silly for once and trusting not storing his Bitcoin in Cold Storage.

I bet you there are a lot of people who are Seniors in digital security and have devices with weaker security than mine or have weaker passwords than I do.  There are things I sometimes preach that I do not do.  Do not know why if you ask me.

Maybe.  Sounds plausible, actually.  Who knows.

-
Regards,
PrivacyG

A simple cold wallet cannot be hacked, that is because you write your seed words with your own hands to a piece of paper in a room without cameras. The fact that these coins were available behind a password means there was a huge flaw. It is a shame this happened to someone who should have known better, but remember that is not Bitcoin's fault.

If you are going to hold that many coins, move them into a cold wallet. Its simple, write those words and don't tell anyone. Make another physical copy (with your own hands, no cameras or any electronic device) and store it in a different physical location, transfer the funds and delete your wallet. The truly paranoid learns to do this in an offline computer with a good OS running from optical media so that once you finish the wallet is gone and only the (written on paper by hand) seed words remain.

Remember that you can still do that today: Make a new wallet, write the words, transfer funds, delete. Practice with a few satoshis. You don't need to have those words electronically available behind a password, what for? Please learn from mistakes people.

I had same thought too but there are transaction hashes provided in tweets too, well they could be just random big transactions done by some other party, hope he gets them back.

the practice of security is easy
but alot of people with old timer coins enjoy the "proof of patience" of not moving coins periodically. its a trophy to hoard coins where the utxo is dated over 10+ years

im personally guilty of it, i imported wallets just to make sure that the data has not degreded or been edited to ensure i still had access to keys

the complacency is more about importing keys into wallets of hot (online) devices when you have no desire to move the coins, having keys presented to multiple systems even if your not moving coins. not wiping said devices after whatever you done

This is what happens when you reveal your real life identity to the public, especially if you are well known bitcoin developer which means you own at least a few hundreds.

This incident has nothing to do with him being sloppy with the security of his coins, this was an organized attack just because they knew his whereabouts.

Maybe if you are reading this post and have millions of $ in bitcoin be more careful what you reveal about what you have and who you are.

Maybe Satoshi knew something all along, that's why he disappeared given if he actually still alive.

Do you have any source for this claim?  If there is a place he would look into first, probably before even posting a tweet, I would assume it is where his seed was stored.

-
Regards,
PrivacyG

Is is kind of sad, not so long ago I made post this and now this happened.


Even gmaxwell merited it, as you see I almost described this exact situation.

That's the first thing I've thought about after reading achow101 reply stating that is is indeed real, this is just giving unlimited ammunition to critics, if the guy that helped develop the code, that for sure is more knowledgeable about risks and security, what about the uneducated that are risking everything, I can almost hear 1 million Helen Lovejoy screaming!

But I'm still not entirely convinced of this story, not because of the haking part, the coins moving etc, but this line in his tweet..

This feels like trolling, why would you tweet that? For sure he knows better than everyone how a complaint is filed and how you deal with it, but tweet about this?
But assuming this is real, stay away from bitcoin knots fro a while (I doubt that many were using it in the first place)

i know alot of people think there is a single telephone number that if you call it, 'CSI:cyber crime' team answer and speedily arrive at your house in 20 minutes to explore your computer.. sorry.. this is not how things work


if you read it properly and apply logic and common sense against it too
(if you read his other tweets it makes more sense in full context)

he did contact authorities by the usual routes(phone).. they were not interested/unable to help. his tweet was just a rant not a plea for help


to get hold of FBI you have to go through a rigmarole of call centres to escalate the situation. also it was late night of new years day. dont expect miracles


he was obviously not able to get to the centre of the FBI... and local authorities were (as known from other incidences of many people) just got sent around the pass the bucket brigade of call centres, saying there is "nothing they can do at local level and here is a crime reference number, bye"

I don't get the part about his server being hacked months ago. I'd take that as a warning that somebody is working on getting my coins and moved all of it even deeper into cold storage, probably to a hardware wallet. I mean I already have mine on a hardware wallet but from the looks of it Luke had it all on his machine and thought that since they all connect to a routing server and the hacker couldn't get into them last time, they're safe.
It's easy to say now after the fact but wiping the server and reinstalling everything after the first hack might've been a good idea. Getting in touch with the ISP to change your IP within their network might help too. We're talking about 3 million in BTC, no amount of scrutiny is too much.

his coins were on old legacy keys (before seeds were even a thing, before hardware wallets(seed based) were a thing)
he had backups EG (maybe)paper wallet and/or (most probably) usb drive of wallet.dat files

This comment is interesting.

https://mobile.twitter.com/vicariousdrama/status/1609925987453571073

If this is true he was using those addresses for donations. Was this a double spending issue? Did someone somehow attach another transaction to the existing one?
I have to say this is fare above my level, but somehow someone had to get access to his private key stored on that machine. I doubt it was really a cold wallet (paper/USB) He must've had it on one of his workstations.

If hacking cold wallets was possible like that someone would've got Satoshi's coins long ago.

Years ago I used to use a USB stick between offline and online computer. Then I read somewhere that its not perfectly safe because if the online computer has some worm, it can jump onto the USB key, and then when you connect the USB key to the offline computer it can infect that computer and steal coins. This was far fetched but it made me worry. So I searched for a full proof method.

Basically my old laptop had a crappy camera. However this camera sucked and couldn't read large QR codes. It also had a SD card reader. So what I did was use an old camera from 1995. And I would take photos of the QR code on ONLINE computer, put that SD card into the OFFLINE computer and read it and sign it. That SD card NEVER was connected to the online computer.

Once I signed the transaction, you can take your iPhone, go to Camera and point at QR code and it will display the signed raw transaction that you can later just go to an online block explorer and push it.

This way there is an "AIR GAP". This is probably even safer than hardware wallets however its a ton of work.

The only way I can think of this happening is in a non-standard storage configuration:

- PGP key is used to encrypt multiple Bitcoin private keys
- To spend the bitcoins, the password of the key is entered, and a transaction is made (by hand??)
- Hacker steals PGP key and message, and places a keylogger to get the password. Then they can swipe the coins.

Keep in mind I am still assuming at this point, this is probably NOT how he actually set up his cold wallet.

Can someone that knows him tell him to post something on his Mastodon or Bitcointalk account. People are asking him to post on another social medium to prove its him but he refuses. Normally he posts first to Mastodon and then Twitter, however now he doesn't post anything on Mastodon.

When a Bitcoin OG posts something such as its very strange because we all know you are suppose to verify the checksum after the download to confirm its legit.

This is like Satoshi making a post and saying something like "How can I mine Bitcoins on my Cell phone".

Exactly what I think.
All this is horrible news and only fuels my paranoia, still before jumping into conclusions, I will wait for an official statement, because we all know that hacking Twitter accounts is possible, and I want to assume a Core developer would know how to take care their Bitcoin in a proper manner.

Also, is there any way to know whether he revoked his PGP keys or not? I have seen many comments on this thread mentioning he has not done so yet.

Fingers crossed all this is just a Ruse.  :(

I also think it's strange. He said he has no time for Mastodon right now or something like that...
He wants FBI to help him, says they got his cold storage ??? Cold storage isn't really cold if you can hack it.
I have a cold storage that's on an unplugged computer with a clean system that was never used to browse sites or download any software, which I'll turn on only when I decide to move my bitcoins.
This is incredible that a dev who uses a specialized hardware (Talos) with linux, doesn't secure his coins better and wants the FBI to help him.

All I can tell is someone else has been trying to contact him and while someone had confirmation of all this (Peter Todd, he confirmed over Twitter the story is original), other haven't been able to contact him directly (Giacomo Zucco confirmed he messaged him on Telegram, but he hasn't got any answer so far.).

I have been thinking about the consequences as well, but I think this is all FUD.

This is probably Luke's fault. He is human. He knows a lot, and probably trusted more than he should in his skills.

Did he had all those 3 million USD in the same wallet? Why didn't he put in at least 5 different wallets?
Was he betrayed by someone close to him?

The main problem imo is that this is good for CZ and Binance.

Recently CZ was saying that "99% of people today holding crypto themselves will end up lose it"
https://i.ibb.co/6r142tT/Captura-de-tela-2022-12-15-221911.png (https://ibb.co/fqnCbNy)
Fonte: https://twitter.com/BTC_Archive/status/1603413440948834305

So, a few days later, a Bitcoin Core dev just lose it. In my local board there are already people saying that people should keep their funds in exchanges because it might be safer. Well, it is not!

This is an isolated case, and bitcoin is not at risk, and people should still be using hardware wallets to protect their money (IMO)

I read some of Luke Dash jr tweets relating to the comprised wallet and he said " If you're using a very old #Bitcoin Knots, it might expire today. Don't upgrade it. Instead, add to your bitcoin.conf file:softwareexpiry=0 or just wait to upgrade and use it until the dust settles."
I have no tech knowledge about Bitcoin core development but could this be that his wallet comprised attack all started from a dust attack?

This is why I always advise people to always use privacy services when moving cryptocurrency to their holding wallets. For the record doing this through Crypton Exchange only cost a few cents and the withdrawal are instant with no daily limit.

Notebooks can be damaged easily by natural calamities so there is still a danger on storing our keys there but a good one would be to embed them on some stainless metal. Hardware wallets is good too but we should only use the popular brands only to be sure that they are safe.

It is said that it was a bitcoin developer so it's somehow surprising if he didn't store his coins properly but we can't also underestimate the hackers. This news wasn't alone though but there are even exchanges who got hacked and we know that exchanges do also have a better security because they hold a lot of cryptos. The amount lost by the guy isn't small so will definitely learn from this and use a different approach to secure his coins.

Am I only one who find this amusing? Remember, Luke Dash-Junior is the fukker responsible for 51% attack against CoiledCoin by abusing mining pool power controlled by him.

Also, still nobody managed to hack me and steam my coins. And I am confident that nobody will be able. I am better in computer security than Luke.

It's definitely a sign that none of the cryptos at just a singular place is safe, no matter if it is in your ledger or on your pc or anything else. Singular place is always terrible.

Many people claim that "not your keys not your coins" because of exchange hackings, but at the same time if you end up putting it on binance, do you really think that binance will be hacked so big that they will fail to pay the customers? They have so much money that you could empty all of their hot wallets today, and their cold wallets would still cover everyone's funds. That is why I highly believe that they are going to be the best case if you want to safely secure your coins.

You could just send your coins to me for safekeeping. I also will not bend to LEA if ordered to freeze your coins. Single place is OK as long as it is only Your control and nobody else.

Complacency. This is the root cause of all this.
Thinking you are safe, make you do stupid things.
For example not moving your coins when you had the proof of a successful attack to your servers.


Those aver very old UTXO from a time when there were no such things as "wallets" , or proper HD ones. 

In the  compromised wallet.dat (now I get the irony of your question), there were UTXO with unrelated private keys, if this is what you are asking for.

Do not attack me for this, however for the skeptical me, another argument mentioned in Luke's thread that made sense was it was done to make everything appear like a hack so Luke can use it to write off taxes. Before you shake your heads on me, I am only saying it makes sense, I am not accusing him. I know Luke is a religious and a God fearing person who will never do something shameful only to avoid paying taxes. If this was Justin Sun it would be different hehehehe.

God ordered to hide his taxes from heathen government. Also God commanded him to hack CoiledCoin as well as smear blockchain with religious ramblings.

Being religious does not make person or his action good. Crusaders are perfect example from history.

ever since november Luke has been saying periodically how his server is being bombarded by hack attempts .. not just the PGP key compromise of november 17th but even a few times in december and on christmas day he was getting attacked.. and then on new years realising his coins had gone.

i beleive he probably backed up his server to a home PC(incase of ddos taking server down/needing to switch servers) where there was probably a virus on the server. he was also looking into a new server service so was most definitely ready to copy data from server A to a server B if he found one.. which also points to me thinking he backed up his serve at a home PC(bringing a virus along with it)

.. reading through tweens again.. and the story fits

november

december

Thanks for bringing this information, it is actually a good theory but for now I am personally interested in the fact some sources are mentioning cold wallets/addresses were involved in this theft.
Has he given any other statement about any of that? Because I am not even know how that is possible without him accidentally compromising his keys.

At first, I thought this was a Twitter hack, but now it does not seem like it...

OG people call hot wallets a wallet that is active on a server where the public have access to it..(exchanges and service providers)
a cold wallet is one thats independent and less accessible(such as home PC that may/may not go online..)

EG
your home full node is deemed a cold wallet
compared to CEX deposit&withdrawal nodes/bitnodes.com/bitDNSseed nodes which are hot

offline wallets are deemed 'airgapped' / hardware wallets

Never knew that. I assumed cold always mean hardware wallet and air gapped electrum setup. Didn’t expect it to mean it’s a hot wallet on its own node which you are hosting.

Because that’s obviously not safe since there could always be some exploit, even on an secure Linux system and the thief will have access to your wallet.dat file essentially.

He said that he never trusted hardware wallets or perhaps even wallets such as electrum you can run on cold storage. And I guess he figured he is better off using his online wallet for Bitcoin storage rather than a wallet created by a third party which is open source.

This is truly an unprecedented event!  From such an experienced developer in the field of blockchain, hackers managed to steal a large sum of money in Bitcoins....

At the same time, Bitcoin Core developers themselves give recommendations on the safe storage of the first cryptocurrency on their website.  Most Bitcoin users are guided by these recommendations when choosing one or another wallet to store their coins. 

In my opinion, this means acknowledging the fact that there is no completely secure way to store Bitcoins.  It is necessary to use all available methods to minimize the existing risks of losing cryptocurrency.

All the more reason not to believe anything he says.

None of that makes sense. Many exchanges have disappeared with their users' money, and indeed, some people lose their Bitcoins on their own. But let's compare the ratio: there are much more Bitcoins in self-custody than in exchange wallets. Let's not forget that Binance can take a user's funds whenever they want (https://bitcointalk.org/index.php?topic=5370726.0).

Self-custody is difficult though, and I've never been 100% satisfied with the balance between "not losing access" and "someone else gaining access".

Should he be removed from bitcoin development team? It seems this could have a negative impact on bitcoin as a whole. Just my opinion.

Luke was using an old wallet(no seed). If he would have started today, he would have used an air-gapped device to generate a seed.

The specific setup he used is not the recommended as of 2023 really, although it was the best at the time.

Basically, if your private key is never ever exposed to the Internet in any way, then those Bitcoins are going to be as safe as they can be.

That’s part of the hypothesis I was toying with, but that we can discard apparently, as he sets the two, PGP and bitcoin theft, as unrelated losses (although likely tied to the same set of events):
https://twitter.com/LukeDashjr/status/1610088091968061442

I’m not sure if I’ve skipped part of his explanations somewhere, but I don’t believe we’ve yet seen how those bitcoins private keys were protected on his (not so) cold wallet:
https://twitter.com/LukeDashjr/status/1609864852104675333

It’s possible that, believing his storage solution to be never in contact with the internet, the private keys were not really encrypted there (?).

ok so surprise to me. looking into it. i thought it was some old.. OLD stash of coins from an old.. OLD addresses (as it was said they were legacy and "seeds did not exist then")
and he was one of the biggest proponents of segwit.. yet in 2019-2022 was still using legacy.. (much like sipa stil does for donations)
(im not gonna go into the irony/hypocrisy of many debates about the whole ideational some devs had for segwit but not end up using it themselves.. ops just did)

---

however the coins that were lost were majority coins from a wallet that was shuffling and spending coins from 2019-september 2022..

so here is a short version of spends
there was a tx of 191btc UTXO in september 2022 to spend 20btc to give back change of 171btc
https://www.blockchain.com/explorer/transactions/btc/471c3bd4fc9cbaaa4dddd7f21acb070702723b2d03759066835c367d26667fd5

where the 171btc change, along with some other coins from other addresses then got raided at new years to send funds to a coinjoin(1YAR address)
https://www.blockchain.com/explorer/transactions/btc/432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

(im not calling it a coinjoin, luke said the 1YAR address was a coinjoin)

so its now known he did expose keys to the internet in september 2022

..
as for the supposed 'coinjoin mixer' scenario luke hints.. strange thing is his raided coins went into the 1YAR address.. but have not moved out.

which does not sound like a mixer to me, usually mixers move coins out within 24-48 hours(max) of going in.. the dont stash/hoard coins for long

I tend to believe more and more it's a prank.

* The story is still only on Twitter and not on Mastodon, although it tells everywhere "Mastodon preferred"
* Stealing from the cold storage would be possible only if the user would be more than incredibly sloppy/uncautious.
* I don't think that somebody for so long in Bitcoin would ask for FBI help, and also would not do it on Twitter.
* Luke Dash Jr is (proudly!) asking for donations for his work; was he indeed owning 200 BTC ?!

I *know* that Peter Todd has confirmed the story, but the things still don't add up.


Yes, that too; I've followed some of those transactions and it looks more a consolidation of funds than anything else.

i dont like the guy, but im fence sitting this one, as much as possible trying not to lean over and pick a side to fall into

he wasnt asking for help from the FBI via twitter. he was ranting that the FBI was not helpful.. it was a rant not a plea for help. he did say he contacted the authorities via the normal route and got nowhere. (got stuck in the pass the bucket of call centre hell)
to me it felt more like he was just speaking aloud thoughts in his brain "grrr fbi where are you when i need you" rant

..
but as for the 'i got hacked, and coins were mixed'
that part is seeming less inline..

first he said coins were cold. whereby its actually shown coins were hot and used in september, thus wallet was exposed to internet

secondly funds of the addresses raided in new year were legacy which he said were origin funded before seeds and multisig existed..

thirdly they dont seem to be mixed because the 1yar address is not mixing them, its hoarding them
..

im trying to keep an open mind. but to me its looking more like he moved coins to a new address he owns(1yar) and is claiming "i been hacked" for a tax dodge

The person just lost his livelihood, it's not his fault/he was a target by hackers, then you want him, an experienced Bitcoin developer who has written thousands of lines of code, to be removed from Bitcoin Core development team? I believe not. If your house was robbed, I believe it would be unfair for you to be removed from the job. Plus there's no negative impact in my opinion. Bitcoin is OK, and he didn't intentionally write a nefarious line of code to break the protocol.

https://pbs.twimg.com/media/FlbOTgraEAAxauM?format=jpg&name=small

1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa  216.93331465 BTC

i think that comment was a tongue in cheek hint about the fact that gavin was removed from core when he was compromised(targetted and bribed by altcoin scammer CSW)

"Compromised". If there was proof that Luke Dashjr was truly "compromised" and he's working for the Flat-Earthers, then remove him from Bitcoin Core. OR if he starts a public declaration that Craig Wright is the "Real Satoshi". But currently, Luke Dashjr is simply a person who had his Bitcoins stolen from him. A mere victim of a hack.

windfury have you seen lukes religious beliefs recently.. one way or another luke is compromised. but the threshold is.. what?
im not saying he should be removed just for religious beliefs i was making a plain comment that someone else was hinting IN A TONGUE IN CHEEK manner that gavin got removed for "keys compromised" and dubious funding/commentary..

and now in this post. i am now saying.. so whats the threshold for removal from core team?? again not saying remove him. just a comment about whats the threshold(and its rhetorical not actually requiring an answer)

if you cant get satire/rhetorical comments. then please stop pressing the reply button to go streaming into 20 rants about how you adore things and think everything else is gaslighting you

(i feel your about to take a sly-small satirical comment made by someone else, and then me highlighting the cheekiness of said comment.. to go into a massive defend a dev debate that lasts weeks.. so lets just pre-empt all your lil digs and resolve it all in one post.)

edit above comments to address windfurys responses below(ending debate before he goes left field)

firstly i didnt say he was compromised. to the same extent as gavin..
YOU were having a dig at Digaran when HE suggested in satire to remove luke
I said digaran was making a tongue-in-cheek comment(aka satire).
(i guess you didnt get the hint)
YOU then(post below) acted as if i was saying what digaran said.. without you understanding what i or digaran was saying. in short you took things too far to cause more social drama

edit above comments to address windfurys responses below(ending debate before he goes left field)

---

anyways (only edited below the underlines to my points about compromise)
as for decisions of doing things to defend BITCOIN against compromised devs..
requires seeing if a devs PGP keys are compromised and ensuring that no one aimlessly downloads software containing a compromised keys signature post compromise of said keys..

however then
adoring a dev just because "they are core", ignoring their flaws as humans, treating them as gods just having a bad day.. is not good for the decentralised security of bitcoin. defending a dev above the security of bitcoin is also not a good trait to have

trying to be part of a kiss ass team wanting to break bitcoin rules to ensure bitcoin only follows a business sponsored roadmap is not good for bitcoin

and when a dev that was sponsored to implement a "feature" but is found later on not even using the feature they were highly involved in implementing.. says alot about the whole situation

you admiring luke due to a implementation involvement. yet then seeing luke himself doesnt use that feature in the last 5 years of opportunity to use it.. should make you probably want to call luke out for gas lighting you into a implementation you thought he truly wanted.. but later found out he doesnt use.. right?.. correct?
or are you still just going to kiss ass a dev as if devs never make mistakes.. as if he is a god having a bad day just because of some social drama team of dev idols you are in.

just because a dev wrote some code for bitcoin does not mean it requires blind idolism of them as gods. we actually should be critical and review devs regularly to keep them on their toes to ensure they dont keep putting trojans into the code.. not idolise them and pretend they can put anything they like in and dont need review and no one should criticise them

New development:
https://i.ibb.co/GTL4Hcz/61537190.png (https://twitter.com/polloponzi/status/1610057016659300352?s=61&t=5QJzXr-AQabhN5DtC60xFA)

Still shady af.
Definetly Luke is not doing everything to make it well understood.

How would CVE-2019-15847 be leveraged to make completely deterministic private keys in the first place? Libsecp256k1 that is used inside Bitcoin Core doesn't even use any RNGs from any APIs - it directly seeds from /dev/urandom.

the bit about gentoo(linux) and "they got it all" is about that he said he found malware that was script kiddie made but made to target his system(s) specifically

this means its the same people that were hacking him since november exploring his systems and then editing their malware to follow a path they seen so that they can get deeper into his system with each attack and get more access to things
..
manually hacking and exploring takes time which means more time for victim to spot an attack. but if you make a bot do most the work and you add on new paths per attack to automate the process so that you can get deeper each time before getting spotted then you have better chance of getting valuable data sooner with less attacks needed to explore the system

This is really bad PR for Bitcoin.

If one of the most experienced devs can't keep his stash secure, how do we expect a random, way less tech-savvy users to do it?

So now, the average Joe will get the massage that self-custody is not safe and neither is holding on CEXs (i.e. because of FTX).

The first round of news coverage is out:
https://www.cryptotimes.io/bitcoin-developer-luke-dashjr-reportedly-lost-200-bitcoins/
https://beincrypto.com/early-bitcoin-developer-luke-dashjr-loses-3-6m-btc-due-supposed-key-hack/
https://www.indiatoday.in/amp/cryptocurrency/story/bitcoin-core-developer-claims-hacker-stole-more-than-200-btc-2316348-2023-01-02

Will see if any of the major news outlets pick up on that story. Peter Shiff will surely have a field day with this one.

We've been through worse though.

---

I feel really sorry for Luke, can't even imagine what it's like to lose that kind of amount in such way.

^^^
This guy is conveniently playing into CZ's hands. I wouldn't be surprised if this was a much bigger plot aimed to scare people away from self custody and making Binance a monopoly. They need those bitcoins to fill the gaps made by people who took money out after FTX drama.


There's just too many religious murderers and thieves out there. Many of them used religion to justify what they were doing. This is by no means an argument in his favor.
By the way, isn't Richard Heart a Christian?

Luke wasn't using a modern wallet, he was using old private keys, and it seems he generated those keys, or at least seems to have some kind of information about those keys in a device connected to the internet.

An average Joe that wants self-custody today will generate a seed phrase on an air-gapped device, so they will be in a more secure setup than what Luke had.

I am afraid you are overstimating the capabilities of the average Joe. Not because generating a seed on an air gapped device is difficult "per se", but because the average Joe is lazy as fuck.

^ I was going to post this but you beat me to it.

But there's also an ugly truth, that unless you possess relevant skills yourself, there's always some trust involved. For hardware wallets - you have to trust that manufacturers are competent and that they have not put anything malicious there. For offline generated wallets, you have to trust that address generating software is legit and that address is truly random and nor generated according to some easy-to-replicate pattern etc.

"Freedom ain't free" I guess.

It seems a little hard to believe that so much BTC could have been left available for hackers to access. My first thought was that this was a lost my private keys in a boating accident type of incident. The timing of it along with him publicly messaging the FBI… Just seemed almost like theater. I hope for lukedashjr that this is some sort of cautionary tale, but everyone seems to be taking it as a legitimate loss, which is absolutely terrible.

Heh, I knew that someone will make a "boating accident" reference here. I agree his tweets looked a bit off - the one you mentioned + that "Help please" part, that just didn't sound like him. But I take into account that those funds might have very likely been a majority of his life savings, so losing that would put anyone into despair and make them act irrational/unusual.

Speculating on him pulling the "boating accident" - there would have to be some sort of trigger, say he's in debt and creditors are on his back, or wife announced she want's a divorce etc. I don't think we have anything like that here, so would rule that out (for now).

I hope the community will be able to come up with a proper report of the events once @lukedahjr's is capable of explaining what actually has happened since this is probably a lesson that should be taken very seriously, IMHO. I've been following the developments of Bitcoin for some time and I was never convinced by this bold claims like "Bitcoin fixes this", "In code we trust" or "not your keys, not your Bitcoin". As long humans are involved there will be no way to create a trust-less system. BitcoinMaxis would be well advised to accept this and act accordingly.
Today I've read an article by Jameson Lopp about the Death of SMTP

https://blog.lopp.net/death-of-decentralized-email/


Although I couldn't agree more, I'm really surprised that Lopp himself didn't take notice of the current events in his twitter timeline although this is a crucial example how decentralization in Bitcoin could evaporate in no time.

More tutorials and best practice examples are needed apart from other opensource wallets like Electrum or ArmoryWallet that provide the basis for a full node.

This is another skeptical me argument hehehe. This might also be a way to prepare for an exit from holding bitcoin without being persecuted by the community? Claim he was hacked, mix the coins, keep the coins then sell on the next bull market when he has 10x of the present value. This is $20 million and very much enough for his retirement.

::)

There was literally nothing in what you said that proves Luke Dashjr was compromised. LITERALLY NOTHING.

You merely said his religious beliefs, which many people already know, is very conservative to put it mildly. But that doesn't prove he is compromised. You continue with Segwit and start to try and gaslight everyone again with one long, senseless post. The franky1 we know. Haha.

it certainly is. it makes people mistakenly think that maybe bitcoin is not secure.


very simple.someone can be good at one thing but terrible at another. it doesn't take an expert or a genius to keep their bitcoin secure. just someone that cares. cares to follow best practices.


well if it really did happen then it is likely his fault that it happened. onlyperson to blame is himself. that's bitcoin for you. that's how it was designed to work. you are your own bank. so you have to step up to the plate and keep your money safe.  :o maybe next time he'll set up an HD wallet and keep the seed offline on a titanium plate.

"Don't trust, verify", remember? And then why trust somebody's claims, no matter who it is, if the things just don't add up?!


I love the mix of drama, conspiracy and price speculation :D ;D ;D
One thing that still looks odd is that all this shit show goes on only on Twitter. Nothing on Mastodon and nothing in here.
Another thing that must be cleared up is what was his actual "cold storage" setup.
And claiming that there's a CoinJoin in a tx that's actually clean...
...yeah, the things just don't add up. And I've got some logical explanations for this and that, still, far from enough.

I consider the hacking of 2 Twitter accounts easier than hacking into a cold storage.
The boating accident theory is also a not-too-bad idea.

This question is disingenuous. Dashjr broke one of the basic rules of self custody. Which is to never store your private keys online.

The average non-tech savvy person can secure their bitcoin by simply following basic security rules.

Whenever you buy any modern cold storage device such as a Trezor or Ledger it always warns you during initial setup of the device to never store your private keys on any computer, never take a picture of it, never store it on a hard drive, cloud, flash drive, etc. I know this because I own both a Ledger S Nano and a Trezor One.

I can't believe such a supposedly smart person actually stored his private keys on his computer. Does not matter if it was encrypted. Any encrypted file can be broken with software you can download from the internet. You don't ever store your private keys on any electronic storage device, period.

Part of the issue is irreversible transaction.
It would be safer to build a decentralized platform on top of Bitcoin where Bitcoin transactions can be reversed if unauthorized people gain access to users coins

You don't know what you're talking about. This would mean that anybody could reverse his transactions for no good reason. The merchants would have no reason at all to use Bitcoin, actually, it would be the opposite: they would avoid it.

Well any credit card transactions can be easily reversed by the credit card company or bank, but most merchants still accept credit cards.

I have reversed a few credit card transactions myself by simply calling my bank and asking them to do it when I felt the merchant charged me  inappropriately or failed to render services. Most of the time the bank will do it. The merchant is usually given the chance to dispute the reversal.

Though I generally agree with bitcoin, transactions should probably not be possible to reverse. Or else you would need some person or persons to be the arbiter of any disputes and give them the power to reverse transactions. This would open a whole new can of worms.

If a dispute arises with a merchant that accepts bitcoin you simply can ask the merchant for a refund of your bitcoin. Failing that you can file a complaint with an authority or file a lawsuit.

That's done by centralized institutions you and the merchant (have no option but to) trust. Ucy was talking about decentralized platform where transactions can be reversed.

According to an article by ZyCrypto scenario B seems to be most likely.


https://zycrypto.com/crypto-community-on-high-alert-as-bitcoin-core-developer-loses-over-200-btc-in-hack/

So the blind spot probably was him working alone on this wallet/node software "BITCOIN KNOTS" . At least he was the responsible maintainer. By breaking his PGP they were able to mess with the source code probably and in the end even his 2FA which he introduced was comprised. Really tragic tale.

Luke's funds are on the move again:

https://i.ibb.co/28jJswV/61543388.png (https://twitter.com/oklink/status/1610473989469802497?s=61&t=R5EekutHMdufZoUcw2VxRw)


This is a proof that those funds weren't conjoined at all. Of course those funds will hit a conjoin sooner of later, that's inevitable.

Also this proves the "tax evasion scheme" would be playing poorly, if true.

Incidents like this always happen every year and we as bitcoin users always have to be careful in storing private keys, and applying maximum security, if we have done that then there is no way to stop hackers because they are always looking for ways to get into our bitcoin account which has a fairly large asset, the victims right now I'm concerned because no matter what way we do it's very difficult to detect hackers,hopefully this will be a valuable lesson for all of us.

I wonder if it will be possible to cash those BTC in. There is a digital footprint now and every crypto exchange will be watching for this closely.

im wondering if luke meant coinjoin not as a mixer but as a term meaning consolidated to new address

well the coins are moving again but the idiot is consolidating coins yet again
the ~204 lump that went out and the 9 lump that went out after.. . part of the 204lump split up and re-consolidated to the 9 lump few taints later

thus not a mixer. but a idiot just taint jumping through addresses he created himself in his own wallet (whomever he is)

https://i.imgur.com/VTNuIrx.png
1yar  204btc split split split split down to 33.7btc.(using legacy)
 and then consolidated with the 1yar 9btc  to make 43btc in a bc1q address

If the attacker will eventually do something stupid, it will be quite easy to trace him. Don’t underestimate the human factor here. We have seen in the past some very experienced hackers, or rather social engineer, do l’incredibile stupid things with the stolen funds.

as said about the 204 which split down into legacy addresses before consolidating with another 9btc 1yar amount

the off shoot of the legacy splits went to p2sh wallet taint jumps
EG a 24 split that went into p2sh (prefix 3)
and a 17 split that went into p2sh (prefix 3)

then the 2 paths of p2sh split into small sw (bc1q prefix) addresses of precise amounts of 1-5btc whilst the remainders taint jumped down the p2sh paths

where the ends of the 2 paths of p2sh taint jumps resulting in two under 1btc amounts consolidated together into 1 sw address of 1btc
               1 sw
             23.352 p2sh
           /        \  1 sw
24leg              22.352 p2sh   1 sw                  sw sw sw
180leg                             \ 21 p2sh               /    /  /
         \                                      \.and so on  .\ .. \..\0.349324 p2sh \_  1 sw
        162 leg                              /and so on ../ ../../0.651364 p2sh /
           17.6532 p2sh         15.6532 p2sh       \   \  \
                   \                  /1 sw                    sw sw sw
                  16.6532 p2sh
                     1 sw

end result of the 2 paths of p2sh
https://www.blockchain.com/explorer/transactions/btc/6fc2f7370682b068c78778ce591a24c13dc797a172c69e31a1fd331e0cb80bff

basically whomever the hacker/mover is he is not even experienced with mixers because he is just taint jumping..
and is using 3 wallets/services to do so
one that prefers legacy change addresses. one that prefers p2sh change addresses and one that prefers segwit

---

im presuming the precise single digit btc amounts in segwit are 'chip mixer'(term not brand) chip amounts about to be mixed. but usually they get spent quite quickly in a mixer shuffle.

One conjecture I can make to justify this situation is that Luke is searching for some safe manner to evade taxation. He's been donated generously over the years, and he must have screwed it up with privacy at the most part. Pretending to be robbed and he might get away with it.

It's quite sad if that isn't true. A Bitcoin developer having his PGP key and his private keys compromised is just ironic.

One method that blockchain analyzers use is to create the link between input and output addresses that are of the same type and consider it less likely for different types to be linked. Using a different type of address among the outputs could be an attempt at throwing chain analyzers off.
Of course on its own and on such a high profile transaction, it is a weird thing to do...

that use to be true. but the stupidity to consolidate different paths back together several taints across just makes the whole point of shifting fund over several disposable addresses pointless.. because when they were split in a same pattern per shift and then consolidate again it shows all the coins in between are the same person

usually you would split funds up into different addresses and types and amounts to be complete randomness..  and never let them meet up again to then make it appear they were sent to different people or services for different reasons to make it less clear when funds changed hands/ownership.. but however having a pattern and ending up together again just shows they never left that persons custody and just a wasted effort

One of the ways to do this:
A decentralized platform could offer a reversible transaction service for funds that can only be sent to a multisig address before reaching its final destination. This should enable people with huge amount of Bitcoin to only send their coins to such addresses controlled by them and co-signers. Once a multi-sig address receives such fund the owner is immediately alerted and he can then authorize the transaction and the fund automatically sent to the final recipient. If the owner reject the transaction the coins is sent back to his address

That's just a poor assumption. Shuffling your coins on addresses with or without different types provides the same levels of privacy. Just because one chain analysis treats different types as likely different individuals it doesn't mean another doesn't, and actually it doesn't make sense for even a chain analysis employee to justify such thing.

some people thought you were trying to promote a CSW protocol breaking money steal/refund option.. breaking bitcoins immutability

however the multisig option you now describe is how some have done things in the past.. its called escrow

however escrow refunds only work when you want to spend but unsure if the other party will release goods.. they only work when/because you enter a cooperative multisig. to cooperate and agree with the other party on payment/refund terms..

it doesnt work when someone is hoarding and not expecting a hacker to steal funds from hoarded funded addresses

I imagine blockchain analysis methods are like a scoring system. There is of course a lot of things that are considered and analyzed but when the transaction checks all the boxes it has a higher chance of addresses being linked compared to a case where it doesn't (like having different address types among its outputs or round amounts, etc.). This is also why using it alone and like this makes no sense.

I'm talking about developing a Bitcoin address with corresponding private keys specifically meant for this purpose —sending fund to multisig address before it's automatically transferred to the recipient.

Escrow would be a contract address between the sender and receiver but this has nothing to do with escrow or contract. It's simply a reversible solution for people who could have their keys stolen.

I wouldn't be so sure.

You assume that every exchange is in the same league, playing the good game.

Some exchanges in the past were known to be money launderers like the once popular BTCe. There are exchanges that tried some shady things in the past and don't care much about their reputation like Yobit. Many exchanges situated in poor countries will agree to exchange stolen for you for a fee.

Before anything, is his Twitter account still in his possession as this might turnout to be a hacker seeking public sympathy to get donations using his reputation and the alike.

Trying to exchange 3mil won't be so easy, any sight of these coins on a Cex and these coins will certainly get frozen.... Btw can a mixer freeze such coins knowing that they are tagged stolen in the event they try to clean them ???

if you are sending funds to a multisig where you own the keys.. then you are just (in practice) sending funds to yourself.. thus no point needing to call it a refund.. its just you sending funds to yourself.. as a wasted transaction before sending it to someone else
becasue you own the keys you dont need to send it "back" thus no point using it forward before giving it to a recipient..

a multisig is meant for having 2 people combine to control decisions. .. which is escrow

so which are you trying to explain.. wastefully sending funds to yourself in a new address.. pointlessly to want to send it back you YOURSELF if you change your mind/accidentally moved/funds moved via theft.  .. its wasteful because you dont need to "send back" because you own the keys for the multisig.. which means a hacker would too!! so you or they can just do with as they please from the address. so its the same as just hoarding from a base utxo address

or .. send coins to a multisig where there is the recipient or a middleman having the other key to co-sign funds forward or back when conditions are met

either way.. those proposals wont help fund thefts of a hoard where there was no situation of wanting funds to move as a spend. but where an invader found the keys..

..
i know you are trying to suggest a CPFP
where a parent address pays a child address.. and the child then pays it forward or back where it moves the coins faster back or forward rather then just paying direct to a recipient.
but again. there ends up no point.. because a hacker will have whatever keys you have so wherever the child funds are the hacker also has.. just like you.

(EG imagine you exposed keys to the internet/hacker via a spend in september 2021, in whatever scheme you make. where you end up needing to use the child keys in your scheme in september. then the hacker has them too because the child keys got exposed too)

............
if you are talking about needing two devices to finalise a payment to a recipient (one device for parent tx to child and second device for child to recipient) well you can do that anyway without needing any special sub layer network or change in protocol. however a hacker wont care because they will just take the parents key. and just send funds direct to hacker address without doing the send to child thing

It is a worrying situation, it seems to me very necessary to look for new forms of security to be able to deal with this type of inconvenience that constantly attacks users. This type of case is not something new, so you have to take drastic measures and be increasingly careful, hackers will constantly try to breach security and get something in return, it is good to be aware of this and take the necessary measures to reduce the risks of losing everything.

I don't know what seems the be the method or reason how he was hacked but the reality is that we shouldn't really trust our own wallets neither if he got hacked. I mean think about it, dude is a bitcoin developer, he probably knows more about how safety works let alone just being safe, so he had all the knowledge and tools and items he needs to be safe and he still got hacked and all his money was stolen.

This shows that we can't be safe if we do not know what we are doing. The best thing we could do right now would be making sure that its on a place that is secure which is cold wallets and offline, that would be a lot better for sure.

knowing the information and implementing it are two different things. you can know all the information about best practices but if you don't actually follow them then it doesn't help!

yeah if he would have done that then he would still have his 209 bitcoin or whatever it is he supposedly lost.

This is what boggles most people on here which it would really be that understandable that a certain Bitcoin dev does know much more than us when it comes to safety protocols on how to store up your coins.

It wasnt cleared out on where he did make out those lapses which it did result into such breach if this would be blamed out technically stolen which does means that Bitcoin does have its flaws? Possibly but close
to impossible.
This is a human error obviously and not on the system itself,it cant just be clarified on where he did go wrong.

They won't and should not because to do so requires working with blockchain analysis companies which exist to invade people's privacy and to deanonymize bitcoin transactions, this goes against the very reason the mixer exists.

Hi Guys...
just a quick question...
if this guy had a 25th seed phrase enabled, would that have prevented the hack?

Thanks

doesnt matter if its a long string of characters or a bunch of words. if its has been typed into a compromised PC that a hacker can see files of.. the hacker can get it

even a latest hardware wallet. a hacker can simply set up a phished/emulating GUI display to show "error with device. to reset device please re enter your seed" or whatever their error pages look like to get people to type it in.

Thanks 

Are there any hardware wallets that actually ask you to do something like that in any circumstances? If yes, then that's a very dangerous thing to have. So far I've been using only Ledger and the only way to enter seed phrase was directly using the device and not via Ledger Live app so if any message like that pop up, Ledger users should know that it is a fake. Not that it would stop some people entering seed anyway.


This shows that you aren't 100% safe even if you know what you are doing (its safe to assume that person in question knew considering his experience). Since this guy wasn't anonymous, I don't think that this was just some random attack and instead he was targeted which is a different thing than just clicking on some malware link and losing your bitcoin that way. Then again, smart people can do stupid things so maybe this was a brainfart.

ledger USB device has its own keyboard?? .. show me
https://cdn.shopify.com/s/files/1/2974/4858/products/04.png

You don't need a keyboard to enter seed phrase in Ledger, few buttons on the device are enough for that. Its clunky and not most convenient, but I'll take that over entering seed in some app which is way more dangerous (fake apps, keyloggers etc). Here is the video how its done https://www.youtube.com/watch?v=XRzGix11T18

By the way, how are you doing it on your hardware wallet, if you have one?

I see that franky1 has given you good answers, so I won't get there too.
All I can add is a recommendation to make a new (spin-off) topic about this if you want to continue this debate, since here it's off-topic.


It has 2 buttons. A bit unnatural to call it keyboard, but it can be seen so without being awfully wrong, since the Nano S (plus) doesn't need more than that.

https://cdn.shopify.com/s/files/1/2974/4858/files/IMAGE_27.png

And this is basically how 90% of it gets done, purely social engineering hacking and not brute forcing.

Yeah if I saw a message like that pop up on any damned device, I'd know I was hacked and immediately wash off.

Problem is, and I'm sure I'm not exaggerating, most people, not some, would enter their seed phrase if they saw a message requesting it.

Now that actually reminds me that I've rarely seen warning messages about never ever responding to seed phrase requests...

years back first generation hardware wallets were just USB devices that when plugged in, opened a webbrowser with the interface being a webpage(facepalm) . so soo soo many flaws back then

but yes these days and those days dont trust anything requesting your seed phrase on a pc's screen unless you have a way to prove its a genuine thing asking for it. and good to see new ledgers allow key inputs via devices(i havnt bothered looking into hardware wallets for years.)

This is a very big misconception, there are much more risks here, the first and simplest - Binance can simply freeze your coins, simply block your account. There are such cases, so they cannot be ruled out. If you give an example of hacking an exchange, then in this case the withdrawal will also be closed to all users until the circumstances are clarified, and believe me, no one will compensate for this from their coins.

You should never trust your money to exchanges, FTX is an example that should have made everyone think about it seriously, but I see that this is not clear to everyone.

This is a warning sign, not many people can understand better than these people in the safe storage of bitcoin, but as we can see, no one can be sure that their coins are safe.

How then to proceed in this case, is it worth separating our coins into different cold wallets, part per ledger, etc., or what? In fact, this is a very serious issue that should not be put off.

So, LJR apears a bit niave, he thinks office was hard to get into
Gets hacked, does not change his addressess or wallet or make a new wallet.

Also I thought he would have more than 200 BTC.

He should be able to sue his server provider for losses

giving best practice advice vs following own advice is a human trait.

also best practice advice is sometimes too impractical.
it all depends on how much wealth you have at risk then decides how much effort you want to take to protect it

someone with just a month wage stored. may just have a seed wrote down they import into a wallet to spend and have the change go to a completely new seed based address. so that the seeds are secure each time

where as someone with more wealth might have multiple devices that separately sign and only present the signatures to each other via a air gapped method (convert to QR code and snap a picture and send it to the main system to append signatures)

some may want more then a paper wallet and have a hardware device that can enter seeds without touching a computer

there are many many many ways to back up seeds, keys, wallets. the world is your oyster, but it all depends on your personal risk/preference.

its like fiat world
only a months salary.. normal ATM visa debit card.. 'tap and pay risk' of losing maybe $100 per payment via card cloners, where when spotting it you move funds to new account

$mansion money$  set up a family trust requiring co-signer trustee's to sign off on funds to beneficiaries

some have both set up.. a multisig 'trust' for main hoard of coin. with a lite wallet seed of weekly/monthly spend amount

Fair enough, There some exchange that still doesn’t required KYC and allow 2BTC deposit and withdrawal per day. Also there are some DEX that let user buy and sell bitcoin for fiat P2P like Bisq. I believe a 200BTC can be easily cash out nowadays due to the P2P offered by DEX.

it was 600 thousand usd not 600 million usd, i made a mistake (and deleted my message but you quoted it before that lol), but yeah non KYC exchanges do seem to abound.

A very terrible way to begin the new year, although has this been the first time he lost large amounts of Bitcoin? Imagine a Bitcoin dev lossing such what would be said if same got lost by a rookie. I feel so sad for the loss because that is more than enough for anyone.

I hope everyone learns the lessons here no one is above mistakes like this all one has to do is to make sure you are well updated about the current security to back your wallet.

  I hope the news does not affect newbies and rookies entering the crypto space.

Given the Bisq low volume, it would take you a long time to cash out 200 bitcoin that way. But I agree, cashing out 200 bitcoin at this day and age is not that hard if you know where to look, and people that managed to hack him are surely not some noobs.


Oh damn, I had no idea that it used to be like that in the early days. Just a thought of typing my seed into some web browser app or whatever it was makes me very uncomfortable. I got my Ledger Nano S back in the late 2017 (after I lost almost everything I had) and wouldn't go back on any other type of cold storage.


My guess is yes, because if he was hacked before, he would be way more careful than he was. Btw not saying that he was careless, but he would probably be extra careful it it has already happened in the past.

Best thing to do is just forget about coins. No life or limb is lost. This also happened to me. I forgot encryption password for hard drive of computer. And I miss the pictures and saved games more than the bitcoins stored there. Just we must take lessons how other people failed and not repeat them.

Also I feel good that the destiny got Luke for hacking CoiledCoin. It is hard to feel sympathy for a guy who looks like crossover of Amish husband and feces-smearing Johnny Knoxville. And Luke over years have acted as one, from genuine service to humanity as a free software developer to destroying altcoins and smearing blockchain content. Luke is like my cousin. My cousin is brilliant scientist and computer hacker, but complete imbecile in human relationships and behavior.

It does happen commonly but not to a huge name like this. Not because he is famous, even famous people could get hacked, but because he is famous for being a bitcoin developer. Dude knows how to be safe, and yet he was still hacked and he doesn't even know how he was hacked neither.

I believe that the best thing to do would be letting him handle whatever he wants to handle to get the answers, give him full access to everything and find the issue. Because, if there is a hole somewhere that hackers could use to hack him, they could 100% hack all of us, if he couldn't protect himself, there is absolutely no way that we could ever protect ourselves better than he did.

his server was being hacked all through november and december multiple times by the same instigator.
he knew the hackers were making hacking bots scripted to hack his system(s) specifically..

he (supposedly) however didnt realise they trojaned in specific code for his system to then get at his home computers.
he thought they were only playing around with his servers and had no idea they got code into his home computers to mess with them too after christmas

..
some of his comments are a bit sparse. . cynically im thinking "the less you say the less lies you have to tell" where it could be, that he heard about FTX in november and seen how people like micheal saylor also (paper loss) declared a tax loss in december.. and thought he should do something similar to avoid taxes..

however he could have actually been hacked.
his vagueness could be genuine surprise or planned avoidance of multiplying his lies

Like what? Not Binance, is that what you're talking about?

From my knowledge, he might be talking about Bybit exchange which used to allow 2BTC daily withdrawal limit for non KYC accounts, but they have recently updated their policy[1] and changed the limits to 20k usdt equivalent withdrawals per day.
Also, kucoin allows 1 BTC/day withdrawal limit for non KYC. Dunno of any trustable cex allowing 2BTC withdrawal limits today, but would love to know.

---

[1] https://announcements.bybit.com/en-US/article/enhanced-kyc-policy-to-be-implemented-after-dec-15-2022-bltf3d717c057f2a044/ (https://announcements.bybit.com/en-US/article/enhanced-kyc-policy-to-be-implemented-after-dec-15-2022-bltf3d717c057f2a044/)

i too think the luke stash splits that end up on bc1q addresses(precise amounts of 1-5btc) will end up on those types of CEX and converted to some other currency
converting it to true fiat via those sites wont be non-kyc because doing fiat withdrawals reveals bank account holder name. so those sites will be just conversion bridges to altcoins/stable coins and them moved again before the entity doing it thinks its safe to then "cash out" or hoard back as BTC again elsewhere

honestly speaking, when i first heard of this news, i was shocked. But then when i relooked at the whole thing, i acutally thought to myself, fuck it, he can't be really hacked. Until these days, i still couldn't believe that a 200BTC wallet stolen from a btc developer. It just doesn't look like he was really fucked. And what you said here actually validates my point.
So, fuck it, he is a trying to fool the public around.

I have just only one question.
Why didn’t he cash the UTXO sending them pro the exchange? No one would have never known that, as those funds were not tied to him.
Now he has to be extremely careful handling those utxo's.

According to reddit, he did not use a seed phrase, but instead "split all his bitcoins across hundreds of private keys" which by virtue of being on the same computer, were stolen at once.

I don't even.... just take a look for yourself.


I guess this is not so surprising anymore. I was thinking somewhere on the lines of his seed phrases getting burgled.

it actually does not matter if its seed or legacy or multisig or segwit

if you expose any seed, wallet file, private key to a system that is hackable(online) where you probably downloaded a compromised file that contains a trojan. those coins no matter the format of the private key, becomes their

It's hard to see the current condition when even experienced developers in the field of blockchain can be penetrated but on the other hand this can't just happen because I think there must be cause and effect and there could be some oversights that occur when looking at this from a broad perspective.

Right now I think we have to be more vigilant than before because hackers are getting smarter and smarter and I agree with what you said, use all the methods currently available to make your assets really safe because I don't mean to scare you but it could be people people who are out there right now are waiting for us to let our guard down and seize the moment as it happened to this seasoned developer.

This will obviously have an impact because seeing some of the retweets there, a lot of people are worried because even a developer class is still being infiltrated, especially with people who only rely on daring to take risks and indeed this is a real target for haters of bitcoin because they seem to see a new weapon for make it look like bitcoin is indeed a means of scam and fraud for now.

whomever the entity is (luke/hacker) they are not stupid to just throw coins into an exchange to cash out, straight from the "event". as the lack of taint jumps are to close to the publicly known address, which has been called out as stolen funds

their game is to taint jump and tx format change to hope they can skip passed the limits and tolerances of coin analysis where the fresh addresses of small amount wont raise any red flags when eventually entering an exchange/service

im surprised that these coins have not moved on much. i would have expected those precise(no decimal) coins on bc1q addresses to have been 'spent' through a mixer by now. several times. or looped through a non kyc exchange to swap for altcoin/stablecoin.

edit

i just checked address in tx above. and it has now split the 1btc into smaller amounts of 0.002
as have some other bc1q adddreses(taint back to 1yar) of precise amounts now split into 0.001 amounts
https://www.blockchain.com/explorer/addresses/BTC/bc1qr3vpj9ffshqp53u9la0g6nwhx6f5n3z9l7xhwd
this to me shows signs of splits of "mixer token" allotments (al)ready to be mixed
https://www.blockchain.com/explorer/addresses/btc/bc1qm2qljj3a64ueqfq885ne2yy9pddnez7vz4y2v5

i would say beyond this point it is now hard to tell if these funds when spent are the entity(luke/hacker) or some idiot that is in receipt from some mixed funds.

but knowing (due to FATF regs) that regulated exchanges do not tolerate funds that went through a mixer, it should be fun to see what exchanges accept or reject deposits from those spends, even if the user is not entity(hacker/luke)

as for the funds the entity does get (different mixer deposit stash) they too may have issues trying to deposit into exchanges unless another taint jump ordeal is done to outpace chain analysis tolerances

Update on the funds.
Fist they went trough Chipmixer:

https://i.ibb.co/XXNM2mZ/61556456.png (https://twitter.com/ErgoBTC/status/1611169585457238018?s=20&t=cNhZGAH_zkWuBKZ8HQH_-g)

Then according to this analyst they were transferred to a CEX:

https://i.ibb.co/RPvbcDH/61556456.png (https://twitter.com/1440000bytes/status/1611265121686355971?s=20&t=cNhZGAH_zkWuBKZ8HQH_-g)

My question is : how the chainanalisys stood after the ChipMixer Round?

And my question is, have they not heard the alarm bells from people (Twitter?) warning them that they are currently holding Luke-jr's stolen funds?

OKX has got to freeze all those funds. Never mind, they apparently haven't even been sent to an exchange yet.

Very stupid of him to store his private keys on a computer.

The purpose of cold storage is that your keys are stored OFFLINE where it is impossible for anyone else to access but you.
When your keys are online then it is not cold storage -- it is the same thing as storing in a hot wallet. Can't believe a bitcoin dev is that dumb.

first of all cold store is a term that pre exists hardware wallets and exporting keys
for airgapped stores like hardware wallets, paper wallets and offline devises. they were just called those 3 things

cold meant home node, hot meant node on a webserver with public access
..

anyways moving on
he used a wallet to spend funds like a couple months before some hacks on his server. so obviously when they trojaned into home computer the wallets were still on PC

i know some will say "need to wipe windows/linux per spend and delete everything and start again"... but who actually does that

its like telling someone to get a new debit card each time they use their debit card for the risk of someone cloning the card.. who actually does that

.
one thing i dislike about core is how you cant choose your "change" address easily.. it just uses the current seed or the random generator to create a change address to add to current wallet in core.. .
to avoid this.. you have to instead treat it as if you are spending funds fully to 2 destinations as a complete spend of all value of current wallet/seed.. where you choose the second destination as an address of separate wallet you have not put into core/your device.
(meaning a new wallet created airgapped)

that way the 2nd destination is a wallet on a completely separate airgapped device. and no funds are being returned to a wallet that is in core when spending.

but again. who bothers to do that

some say you should take an umbrella with you all the time in case it rains.. but who bothers to do that
some say you should take an an extra shirt with you in case you get lunch sauce on one while on work break. but who does that

sounds like an amateurish mistake.

well if i had bitcoin private keys that added up to $2 or $3 million then i wouldn't keep them stored on a computer that was connected to the internet, franky.

i'm not sure that's an apples to apples comparison. banks put spending limits and atm cash limits on debit cards for exactly this reason: to avoid having to reimburse a customer for amounts that would exceed what they are comfortable reimbursing. :o


why should you need to choose your change address? an hd seed is meant to manage your change addresses so that all your funds remain under its control. if you prefer to use your hd seed as a paper wallet one time use type of thing then yeah, i mean, you have to do that manually.

they shouldn't NEED to do that. you can use an hd wallet to do as many transactions as you want to and have good security in place too.

if it can cost you $2 million then yeah, you might want to bother to do those things or anything else for that matter if it falls into a similar category.

its funny to say "but HD seed do XYZ"
his funds were not on HD seeds. so mute point

if funds are on hd seeds then yea skip the advice about change addresses.
but if funds are on legacy, then you have to manually spend all value to 2 addresses(1x destination for amount to want to spend and 1x yourself in a new wallet for the change) ensuring change doesnt go to same wallet thats on the online computer

meaning when its time for a legacy hoard to upgrade wallet to HD he will need to do as i just said

you cant just re invent the past and pretend he had a HD seed.. he didnt.

i dont even like luke JR for numerous reasons. but still i wont re invent the past to give more reasons to say he done things wrong because he had access to XYZ before events

at most all i can say is when he done the spend in september. he should have used that opportunity to move it(like i suggested) to a new wallet that was airgapped.

i know. they were on individual paper wallets. how many of them i am not sure exactly.

paper wallets are not meant to receive back change. that's why.


i mean i'm sure he's got enough grief as it is he doesn't need armchair quarterbacks but the mistake was made long before september. the mistake was made when he started storing those private keys on that computer to begin with. how many years did that go on for until someone finally hacked him? how many years did he have time to read up on how to best protect your stash? and what did he do? it doesn't seem like he did anything.  ???

no what you are not reading is ..
he had over 200btc on DIFFERENT keys before september. but moved coin in september to new address thus exposing that wallet in september..
(its not a stash since 2011 that has been lingering on a computer for a decade or exposed a decade or less ago)


they were exposed september 2022+
because he spent some coin in september and got change in september but didnt send the change to a different wallet(such as a HD seed associated key made on an airgapped wallet)

instead the funds in september went back to a change address in a node of standard change address creation within the node

Lol. Every reasonable person with a shitload amount of money, maybe?

What the actual fuck? What kind of analogy is this? First things first, you don't store a million dollars worth of bitcoin in a hot wallet. That should be a principle, period. Secondly, using a hot wallet more than once doesn't introduce any additional risk. If you have a computer that's connected to the internet, with a Bitcoin wallet installed, and you use it only to make transactions, using it once or a million times doesn't make a difference security-wise. Thirdly, debit card transactions are reversible.

Using a Linux Live DVD is quite easy nowadays. Copy an unsigned transaction from a watch-only hot wallet, sign it from a Live Linux OS without any storage or internet, copy it back, broadcast it, and all you have to wipe is the RAM.

im laughing

firstly exchanges use hotwallets containing more then 200btc all the time..(they have 'at-risk' 0.0x-1000btc) hotwallets on server
just the CEO's have their non-server(not the exchange) nodes with the cold wallets(1000-700,000btc) keys not on a server

but ..
lets get to the whole actual detail of what lukes tweets have actually revealed so far

he didnt have keys on his server(thus not a hot wallet by OG standards(ignoring the newbie redefiner, re-jargonisers))
though he did spend coin in september on his home pc(not the server), which would mean his keys of the utxo 'change' were in same wallet(standard key addition to wallet.dat of core) so it was exposed to that system because he didnt set the change address (manually needed) to go to an airgapped separate wallet

analogy when spending some debit card balance he didnt send the rest of the entire balance to a new debit card.. but then who does normally.. no one
(legacy core doesnt do this either, it puts rest of balance into a key OF THE SAME WALLET.DAT)

to avoid this. like i have said a few times now. people have to manually set a second destination for remaining balance to go to a destination you own(airgapped) of an address thats not been exposed to the spending PC

try to read before letting your brain bot shout "must find reason to be opposite to franky"

Or just buy yourself a signing device, if you're about to do this regularly. If not, Linux Live OS does fine for long-term cold storage.

And exchanges get hacked all the time. Your point?

There is no newbie redefinering. A hot wallet is a piece of wallet software installed in a machine that is or was reachable by a network of computers.

You don't leave a million dollars on a debit card, unless you already have a billion in cash. That's my response.

oh blackhat your responses dont help anyone..  you are a social drama queen poking just to be oppositional

you have been caught out before trying to re-define OG terminology (such as the pruned=full node crap you and buddies infer.. yet, pruned was not even a thing when "full node" term was used.. having an option to switch off options and peer services = not full node when options are set to not offer fullpeer services)

YOU said no one puts 200btc+ value on hotwallets.. so i responded that exchanges do.. (instant debunk)
i guess you forgot your point in the previous post, to then not realise i was correcting your point
amnesia is not an excuse to pretend your point didnt get debunked.. now just move on. dont reply just to be oppositional.. actually read the context of stuff and stop using amnesia as a reason to not know stuff

even your response to loyce was that someone should use a signing device, negating his point about people (actual events) that dont have a signing device yet and (actual events) exposed keys(actually happened) should wipe their computer or use a live CD operating system to remove said exposure(that actually happened)

stick to actual events and not try to re-write history to pretend he must have had xyz in the past and should have used xyz

sticking to what luke had. (and what he could do with what he had), then sets the conversation of this topic about what happened and how he in this topics specific situation could have mitigated it with what he actually had/admits/reveals to have had.
not shouldisms of what he should have bought created via needing different equipment devices and a time machine .. to then have your particular list of devices HE DIDNT HAVE at the event

oh
and you think there are no people out their with a platinum/black debit card.. pfft
and you think there are no people out their with a platinum/black debit card who arnt also billionaires.. pfft

anyone could shout out any shouldism they like. but a rational person. sticks to the realms/scope of realism of what was actually available in the victims hands at the time of the event

I said no reasonable person does that. And, as history is concerned, my assertion is arguably confirmed.

It was merely a suggestion. People that have millions of dollars worth of bitcoin and haven't made the necessary precautions are just irresponsible, that's all I'm saying.

I don't know what's going on in your head, but please visit an expert.

again to end your silyness.. and i hope you move on from the sillyism of shouldisms outside the practicals of this specific topic

you were spouting random shouldisms about things that luke didnt have. thus . saying he should have used a hardware wallet .. would only be true if time travel occured for him to have bought said device prior to september, prior to septembers exposure, prior to risking his wallet. ..
he had no such device at time of events(sept-dec). his funds were not on such device. thus your shouldism is not a reality of what he had but didnt use. but what he didnt have so couldnt use.

i personally have funds on legacy for my personal reasons. (none you would understand)
you cant just slide in a private key into a hardware wallet or a seed. it requires SPENDING to move funds to a new wallet that is seed based.

having funds on legacy doesnt help users of legacy to have shouldisms shouted at them about having keys in hardware wallets. because it requires them to SPEND the keys. meaning exposing they keys. thus..
advice is actually "WHEN spending it would have been best to not just use cores standard add change address to wallet.dat change address mechanism. as that wallet when SPENDING is exposed
he COULD have set a second destination to a fresh wallet to remove exposure by the new wallet destination being airgapped

do you now see the difference in advice and why my advice is more practical to the reality of occurrences and information availbe to us from luke and the locations of funds admitted by luke(this topic)

..
oh and as for your shouldisms about everyone having a hardware wallet its stupid not to
the hardware market is only $850m~
at an average of $85~
means only 10m devices..

there are 43,629,759 funded addresses (some single addresses represent multiple millions of people some multiple addresses represent a single person.. so not a good metric of crypto userbase
yet coinbase has 60m customers. binance has 25m customers
meaning adding all up all other exchanges aswell.. there are more then 100m users of crypto.
so at best bet only 10% are using hardware wallet AT BEST

oh and final debunk

you pretend your whitty, smart, and you absolutely have top security by promoting hardware wallets or HD seeds

seriously??
your 1BLACKWQ3LHpbh8GFYnarr5mpuJ7xz1v5h (https://www.blockchain.com/explorer/addresses/btc/1BLACKWQ3LHpbh8GFYnarr5mpuJ7xz1v5h) you advertise and want people to fund is not:
hd seed originated.
hardware wallet originated

heck you used a vanity gen which could have been compromised. where by the only reason no one stole from you is no one wants to tip you
balance received: 0

can i just ask why you dont want to advertise a HWwallet seeded segwit address/ LN channel as your tipping address?
(with all your promotions it seems hypocritical to not be using the things you advertise)

Having the hacker followed will not be going to bring the money back, they could literally sell it OTC and nobody would know, and they could have used a great mixer, or something like that to make this work, they could turn this into smaller chops and by far harder to follow up as well.

Long story short, there are a billion ways they could cash this into fiat in their bank account and nobody would be able to stop them. All in all, I would say that once an account is hacked, the money is gone, there is no way to return it to the original owner, any decent hacker who would be good enough to hack into it, would also know how to cash that out as well, that's easier to do.

I'm a bit late to the party, but want to share some thoughts.

First, it shows that not only "stupid" people or "noobs" get hacked. Anyone can make a mistake without realizing it. And anyone can become a target or catch some stray bitcoin-stealing malware. This should be a wake-up call to everyone to triple-check their storage setup and don't get arrogant thinking that you're a master of bitcoin security and can't be hacked. Instead look at yourself from a point of view of a hacker and think how can you get hacked.

Second, I see a bit of a privacy dillema here with Luke trying to find the thieves. If he succeeds, despite mixers and coinjoin, it would mean that Bitcoin privacy is not good enough to protect you from adversaries. What should Bitcoin (I'm talking about the whole ecosystem, not just the protocol) future look like - weak privacy that can be broken with certain effort, or complete privacy that protects everyone, even criminals?

Hehehehe I am happy than someone does not feel offended or antagonized with my replies.

In any case, similar to some of you the more time I spend thinking and speculating about this, the more I cannot believe or understand how a bitcoin developer and an expert in the cryptospace had his coins in cold storage stolen from him.

bitcoin is private

no one knows the name of the entity moving the coins thus far.
no one knows the country of the entity moving the coin thus far.

bitcoin is not revealing that..
the point at which privacy breaks. is the KYC of using an exchange

that's because 200btc represents small percentage of their total owned. so it's like a normal person storing 0.005 btc on a hotwallet while they have 1btc on a paper wallet. not unreasonable right?

assuming there are thieves. but a bigger issue is that's how satoshi designed bitcoin is so that whoever has the private keys can spend the money. if the thief sent all the money to a burn address what then? are we going to roll back the bitcoin blockchain? if so then bitcoin has no meaning...

I have a hard time speculating that at some point the hacker is not going to make some kind of a mistake that causes his/her identity to become apparent, yet some of these cases take a long time to figure out - especially if the hacker ends up sitting on the coins and just hoping that with the passage of time, there is less attention on the matter.  I am sure that various kinds of USA govt officials are less excited about Luke's coins as compared with the 94k Bitfinex coins that they ended up getting after around 5 years or the 40k Loaded coins that they ended up getting after around 9 or 10 years.  Of course, there are likely several other examples, but those are the two that come to mind for me recently.... 200 coins?  are we paying attention? 

Are people with forensics paying attention?  Anyone besides CZ's public comment to keep his eyes peeled for the coins hitting his exchange, if that's going to work?  I am not sure.  Remember a few years ago when CZ had something like 7k coins hacked and asserted that he was going to get the chain rolled back.. hahahahaha.. that did not happen, and he got beat up publicly for making such assertions.

oh your one of them types of people, still.. i thought you were getting better then that.. seems i came too early to treat you differently than them
anyways years ago
other people suggested to CZ about a possible roll back. he told wider community that he had talks with others who came up with suggestions and in same video he said his priority that week was to sort his server security and custody security, finding the bug/entry,loophole the hacker used.. and plug it..
.. and within 8 hours of video he made it clear he wont be doing a rollback.. thus it was a non starter-drama of meaningless effect that should have died within the same 8 hours of speculative chatter

timeline
8thmay 2019
8th: he done a AMA to explain why the maintenance event happened
where someone proposed TO HIM to do a roll back
https://www.pscp.tv/w/1mrGmvjpbqBJy
"this morning alot of people have offered us support, and there is a few topics i will discuss in this regard"
"the idea came from the community and i did not know that we could do that"
"To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin."

same day 8th
Quote

purple words are not CZ talking about something HE came up with

plus it was all a non event, no drama that extended for .. a few hours.

---

i dont like central exchange or luke.. yet even i can stay rational and keep to the facts..
.. wish some others would keep their biases aside

my biases atleast can be found in real data and activities that actually happened

Ok.. maybe I had been influenced by the wrong facts on that topic?

I am not anti-CZ... generally speaking.. .. and so I otherwise stand by my overall attempt to make the point that it could take a while to figure out who the hacker of Luke's coins might be (presuming that Luke actually lost the coins to a hacker as he has asserted to be the case), even if some folks are trying to follow and identify the hacker.

See my new edited response, below.

once coins enter a mixer things get harder to follow
however shifting a large amount through a mixer in a certain period would see a larger amount of outputs  after mixer too. seeing large amounts join back together to more then the usual allotments can reveal the entity again and if then going into a exchange can reveal their KYC

its not impossible. but it is harder with a mixer involved to just 'taint watch'
it requires seeing a large yield of 0.00x go into some utxo's and a large yeild of 0.00x move afterwards to see who swapped with who..
(it would be stupid for a entity to then deposit them all into same service or re consolidate after a mixer)
.. it may even result that a innocent receiver of stolen funds gets in trouble for handling stolen funds and loses their funds due to links with the mixer they used.

Edited to account for your additional response (explanation) that came after my post.

Ok.. maybe I had been influenced by the wrong facts on that topic?

I am not anti-CZ... generally speaking.. .. and so I otherwise stand by my overall attempt to make the point that it could take a while to figure out who the hacker of Luke's coins might be (presuming that Luke actually lost the coins to a hacker as he has asserted to be the case), even if some folks are trying to follow and identify the hacker.

Regarding your last point..

You are not even close to unbiased, even if you want to be patting ur lil selfie on the back as if you were the greatest thing since sliced-bread... #justsaying.  You do make some pretty decent points sometimes, though.. even though at other times, you seem to be totally off-of-your rocker, if you have such a rocker?

my biases can be backed up by events that did occur..
my issues with segwit activation is backed up by blockdata that supports how things actually happened
(id trust code/immutable blockdata, rather than a tweet or social club)
my biases against all the flaws of LN can be backed up by the flaws.

i dont have utupian fantasies. i actually do the research. and everytime, i ask others to do the research too. and not just pander to their pals who told them a story using a quote of a third party that told them.. as thats just echo chamberism of cabin fever friendships.. not facts

i know people hate HOW i am frank.. literally. ..  how im not an ass kisser or a hugger.. but then again, who deserves a hug when they are already asleep dreaming

Bitcoin allows tracking of funds, and by tracking funds you can find those who interacted with the owner, which could lead to finding the owners identity. KYC is not the only way it can happen, just the most common and easy one.

Imagine a thief selling coins for cash during in-person meeting, and the chainanalysis tracks down the buyer of the coins, since they do a lot of transactions and leave a large footprint. So the law enforcement questions this buyer and looks at the camera records near the place where the trade happened and get a pretty good profile of the criminal.

If Bitcoin protocol or Bitcoin ecosystem could guarantee that a previous transaction can not be linked with the next transactions, identifying users would become less likely.

bitcoin does not reveal identities

the only way to track down a person. is to link a person to said transactions via a service

..
also transactions can be de-linked (mixers).. where you end up chasing after a innocent recipient of mixed funds to their kyc exchange and they get their accounts frozen and treated as stolen funds

and entity(thief/luke) is now hoarding a different set of utxo

kinda funny how a btc dev is seeking help from the gov lol

I'm not sure I see it this way (not a dilemma anyway)... If everyone only used Bitcoin without exposing people, then only parties in a transaction know each other (and this isn't even necessary).

The theft being announced immediately identified one party and then the thief (or at least, put him on the radar).

If Luke succeeds, it only means that they (the thief) did not know how to use (limited) privacy-enhancing features or was unaware of how Bitcoin works (not likely one might think, but hey Silk Road).

I'm thinking of past thefts that were easily tracked here.

If he fails, I see it only to do with the success of the privacy-enhancing measures the thief would have taken (mixing, coinjoin, etc).

Re the future, I thought privacy was already the current development focus of Bitcoin (seemingly moving on from scalability)?

Or maybe chainanalysis is so strong that it can unmix the mixed coins, so even if the thief did everything correctly, the funds will be tracked.

As I understand, mixing is not formally proven to break the connection between coins, it's just that no one has managed to demonstrate the opposite so far. But chainanalysis companies have been working on it all these years, so there's a possibility that they will come up with a solution or maybe already have. It could be probabilistic - it may not work for every output, and sometimes provides false results.

the 119k bitfinex thieves got caught

as for using mixers
even more simpler then just taint following..
the FATF regulation policy is that any use of privacy enhancing tools (monero, LN, mixers. etc) flag up funds as suspicious
so it becomes simple.
"the more you try to hide. the more you get noticed"

the silly thing about mixers/ln/monero/etc is this.
they only work the more users use it.. less users use it the more flaws and failures are seen

with mixers being used by a 0.x% of community. it provides a narrow darkpool of suspects
working backwards from a service to the privacy tool
working forwards from a theft to the privacy tool
narrows down the privacy tool usage by certain date. further narrowing down the darkpool of suspects

....
why do you you think there are some malicious idiots trying desperately hard to get innocent normal people into using privacy enhanced tools even if privacy enhanced tools are things that will definitely get innocent peoples funds noticed more (flagged as suspicious)

because JUST thieves using a system. swapping tainted dirty funds means just the thieves receive dirty funds on the outbound
so they need to coax innocent clean people into privacy services so the thieves can take the clean funds and leave innocent people with the dirty funds

(homeless people trading their underwear, means homeless people only receive someone elses dirty underwear.. unless they can try to get more innocent retail customers to donate their clean underwear for dirty underwear)
now who would be stupid to do that, knowing they would end up catching something nasty

monero has atomic swaps.

atomic swaps are anonymous. far as i know.  :o so the thief takes some dirty bitcoin and swaps it for some xmr. then later on sometime he does another atomic swap in the other direction to clean his bitcoin. money laundering 101.

just using monero.. gets your name on a hot list(small pool of suspects).......
the people spending the bitfinex 119k stash years prior.. used monero and mixers .. it was part of their downfall, and flags were raised on those exchanges.. those people are now in prison
..enough said

For the most part, unmixing coins requires to flag lots of innocent users as thieves. So yeah, if you're about to flag nearly every user who'll either use a mixer or coinjoin coins, then you'll most likely hit the thief too. The question is: can you point the thief's coins?

If you think this is a good analogy, you should stop using bitcoin, because it's clearly possible for your coins to be mixed with "dirty" coins as you call at some point, unless you don't use bitcoin as currency and just hold it for eternity.

if your coins are highly mixed with dirty coins. then that says more about people you trade with than me..

even the "anti-hero" prize received(mixer sponsored competition)..  i separated and i am not going to touch or consolidate with my main stash from other clean sources.

as for you thinking that the utility of mixing is high.. well we both know thats a lie. its why certain people are desperate to phish in innocent people into privacy enhancing tools. due to a huge LACK of innocent people to swap with becomes a criminals NEED to drag people into those systems.. because the collective pool of shady systems is small in comparison(when they sound desperate and try too hard to hook in users.. you know they lack users)

lets note one example
exchanges have over 100m users locked into custodians.. a certain network only has way less than 70k nodes(most are just shll (sybil) nodes of like 10k run on some cloud service(as admitted recently last year)
but even treating those as genuine is like just a 0.07% pool of privacy enhancing tool users

this can be narrowed down way way further via many different methods

---

as for thinking "alot" of innocent people get flagged up.. nah.. most darkpools of mixing/privacy enhancing tools. end up being a small collective where majority of them are guilty of atleast one or more things even if its not the intended crime being investigated..

yep you think your preserving your privacy of lets say drug possession, where if you get caught handling stolen funds, by accidently using the mixer the same day lukes stash is deposited. and then boom.. they find out about your (example, not implying)drugs in subsequent investigations while you try to explain your not a thief of lukes stash.

meanwhile innocent cattle farmer gets flagged for being talked into using a mixer to protect his farming profits, gets caught in an investigation where they see he isnt a viable suspect of hacking.. but maybe might be for tax evasion at most. or taken/excluded from the suspect list upon further investigation.

narrowing down the suspect pool. of who used the mixer on specific timeframe ..

so its not as you say "lots of innocent people"

Such news is disturbing, think of a developer whose wallet was hacked, a so-called technical expert but a hacker still managed to get into it. Does that mean he is still victimized because of negligence or being careless or complacent?

If this is one of the technical experts who has been robbed, what about the other communities here who don't know anything about these matters, they are very poor, right? This means that hackers are indiscriminate, as long as they have an opportunity they will steal right away.

even a car technical engineer can lose his car keys.. (though he has now implanted a chip in his hand to never let it happen again):-elon

even real estate/housing developers lose house keys

it happens.
bitcoin solves many things, but it cant solve "human"


best to learn from lessons
first sticking to the points of actual occurrences/events, limitations of ability of the real life instance.  to then learn from actual events and how to mitigate if for people with similar positions..
before going spaceballs to the wall exaggerating the most elaborate systems imaginable of precaution requiring buying several devices and only using systems if your wearing a tin foil hat on a moonlit tuesday night when the stars are sat in a certain region of the sky

the most basic scheme is this..
if you have funds on old keys (non hardware seed).. SPEND THEM and put change destination as a fresh wallet not used on that system(certain software wallets are not helpful with this as they prefer to just add change address to exposed wallet or put change on same seed derived key thats seed had been exposed)

then if funds become substantial in regards to your lifestyle then decide how more elaborate you want to be

trying to tell everyone that they should "just buy hardware wallet" is silly if a hardware wallet is USB key and all they have is a cell phone
or they usb key is $80 and they are african where their savings/hoard is less than the key cost

Do you believe in dirty fiat or have you adopted this nonsense for bitcoin solely? As money is concerned, it's fungible. Any opposition to this fact attacks only you and your fellows.

You say that I should be concerned, rather than you, because I'm the one who mixes bitcoin. Let me ask you, how do you know you haven't exchanged with someone who did mix coins without you knowing it? Or someone you exchanged with, did exchange with someone who mixed once? And it goes on and on, how do you know you aren't connected with some suspicious activity, without your knowledge? From a blockchain perspective, every transaction can lead to a coinbase transaction, and it's likely someone mixed among all those transactions.

I know this might come back to bite me in the ass but I've always held the belief that these companies don't know more than developers (I frequently bring up the Chainalysis whistleblower case several years back who confirmed that they were selling software that couldn't do better than what an armchair sleuth would find on public tools).

I'm sure there will get better.


Forget malice, ignorance and carelessness too. When I first started p2p selling, some guys got so lazy they gave me an exchange or even casino address and that might "taint" me just by sending them even though I specify to give a clean personal one.

It is true that regular people do all kinds of weird shit, and then sometimes any of us who are wiling to transact might end up getting connected to their transactions.

I remember in about 2017-ish I was introduced to a guy who wanted to meet with me so that I could sell him bitcoin directly. One of his friends had recommended to go to me to get bitcoin, and at first I had to tell him that I would not transact with him unless he had at least $300, but then when I finally met him after he was able to accumulate at least $300, he told me that he wanted me to send the bitcoin to a "one coin" address.   I would frequently try to inform people about the differences of having their own wallet versus using a third party wallet, and I would suggest that there were several advantages towards having their own wallet rather than having me send BTC to a third party (which was their account).  

Sometimes people are in a rush, and they might have other reasons, and from my own point of view, I might try to consider if I might choose my wallet (or sending address) differently based on the wallet that I am sending to, and if the transactions are not very large, then there might be fewer concerns about sorting out these kinds of matters, even though surely if coins are being traced then sometimes there could be lower and lower coin amount thresholds that trigger attention from folks tracing the coins.

In my first interaction with the one coin guy, I told him that one coin was a scam, and he really should just buy bitcoin directly rather than getting scammed out of his money.  He was in his early 30s, perhaps?  and he surely was an adult, yet he told me that he really wants to send bitcoin to that one coin address because his friend had recommended that was what he was supposed to do, so I told him that as long as he gives me $300 and a valid bitcoin address, I don't care where I send the bitcoin that he is purchasing, and he is responsible for the whole matter in regards to the validity of the receiving address and if he would be able to get access to his coins.. or credit for having had received the coins from me to that address that he was giving me.  

So over the next several months, I transacted with the guy several times and various amounts, and each time I told him that one coin is a scam, and there were times in which the address was not working or that he called me and said that the transaction had not gone through and I would tell him that I sent it or that it looks like it went through on my side or that I would confirm the number of confirmations might vary depending on who is receiving the BTC and various strange things, but he kept coming back to me every few weeks, until at one point when he did not.. but it was a bit weird of a situation that each time I would lecture him, and he would insist on going through with the transaction in spite of variations of my lectures... Maybe I would reconsider the matter today?  I am not sure.  the amounts did not tend to be that much, and sometimes I would just use the same wallet that I had used previously, and other times I would send from a different wallet (or a different address).  

I don't recall having coin control capabilities at that time beyond my then practices to run some addresses or wallets until they would go to zero and then to recharge the wallet after running it to zero in order to lessen the amount of traceability.. but still I could see that I could end up being targeted based on some of those kinds of weird transactions.  I would also frequently tell strangers that I would not transact with them more than a few thousand dollars on the first time, and sometimes people wanted to do very large transactions, and I would not meet with those kinds of people or agree to doing what I considered to be large transactions.. and they would sometimes call me names and various things like that after I said that I would not do those... Direct transactions with strangers can sometimes end up in strange places, I suppose.. and sometimes we might believe that we are engaging in some innocent transaction with a vendor, and then the vendor might have had some $10k plus transaction or maybe even several very large transactions with questionable people, but then we get roped into his/her chain of transactions.  

I try to be careful, but at the same time, I believe that we should try to promote doing transactions without having to gather data..

I told one of my relatives that if I transact with him and he wants to buy bitcoin from me, that he would have to pay me 5% above the spot price, and he seemed to be very turned off by the idea that i would charge him a fee.. so sometimes newbies might not really know the difference between what might be KYC free coins and the ones gotten through KYC channels... I told him that he can get his coins on an exchange too.. but there could be some value in his holding coins directly rather than getting them on an exchange or holding them on an exchange, and he did seem to appreciate the idea of holding value outside of systems (comparable to holding private stashes of gold).

I recall also in late 2017, there were all kind of crazy people contacting me and wanting to buy BTC from me and I kept raising my premium, and I think that I got up to 12% for a few transactions.. usually the lowest that I would be would be 5%, but if I was getting too many folks at that price, I would raise it, just to weed people out, and I could have charged more than 12% during those crazy times (even 20%), but I did not want to.  At some point, I just went completely off of the availability status and would tell people that I was not doing any transactions with strangers until the crazy-bitcoin atmosphere cooled down, and even people who I knew, I limited how much I would consider transacting with them because the whole environment in late 2017 and into early 2018 was feeling weird and unsafe to me...

BTC Price runs can cause some weird behaviors, especially when interacting with people directly... and yeah, we could end up transacting with folks who might either directly be involved in shady activities or folks who had been transacting directly with their own web of shady folks.  The world of interactions might not be too far removed from the necessary number of hops before some transactions might end up being potentially shady.

if its fungible(you view as a binary option yes or no(facepalm)). there would be no such thing as "border seizures" or "bank IRS seizures" or crimes like "handling funds related to a crime" no "handling stolen goods or proceeds"

your group emphasise "fungible " a little too much, without understanding the depths of it.. . if a drug dealer hands you $10. they will(can) seize it and question you until you give a compelling answer for them to hand it back

heck look at the FTX saga.. 2 months on and 10 more to go, and those that did withdraw 2 months ago might have their withdrawals clawed back at any time

museums after many auctions end up having to hand artwork back if provenance is tested that art was stolen

as for how i know about my sources of coin..{edit out. dont wanna help you out too much} there are many many ways.

shame after so many years you still think mixers are acceptable to CEX, shame you think fungible is binary, one taint is clean enough.blah..  and think that innocent people should use them(which shows after years you havnt done research for your own security risk aversion of your own value)

also. if you cared to do some research you might learn how to "clean" the dirty.
and work out at which point FATF would declare funds now clean("fungible") and no longer blacklisted.
but i wont help you out in that regard.. because.. well honestly. you dont deserve that spoonfeed. its now time the baby learns to feed itself.  you should work it out for yourself, ESPECIALLY if you are holding alot of mixed/dirty funds

as for fiat
i get my fiat out of an ATM.. nice crisp bank notes. no folds, no crumples, no creases, no stains.. thus clean

have a great 2023. hope you do your research

screw it. its the new year.. fresh starts and all.. so one spoon tip:
currency suspicious links to criminal activity is not a boolean yes or no.. .. its a sliding scale or rating of suspicion. its not boolean(incase i was too subtle in earlier paragraph)

And as long as you take care your privacy seriously, there won't be such incidents. Besides, just because you happen to have stolen funds, it doesn't mean you made the robbery. I'm not an expert, but it makes sense to only seize coins if you provide sufficient proof of robbery (not limited within the blockchain, e.g., doing KYC right after you steal, or have your privacy invaded otherwise).

You assure every Internet merchant you've exchanged goods with is trustworthy, and 100% obedient with the law? And that he hasn't either exchanged goods with someone same like? Et cetera, et cetera?

You dropped this: mixing.

There are no dirty coins. Only dirty minds.  :)

Unless you do self-custody. That's a red flag for FATF, which nullifies the whole Bitcoin concept, but yeah, clean coins. Duh?

you really are grasping

i understand YOU "FEEL" that funds "shouldnt" be seized unless you are the actual criminal.. but your personal feelings are not financial law.. thats not how laws work
try to read the FATF and bank secrecies act.. and not rely on hope dreams and buddy quotes

did you know that finances have no privacy.
i bet you didnt. but you pretend to have the expectation of financial privacy
finances/currency. do not have the same "rights" as property

instead of feeling and dreaming of how your utopia works. do some research!

and no im not talking about you questioning people to get spoon fed answers where you can then quote as your source in your silly "but thats what she said"

actually find facts, laws, rules, code, practices, data.

if that's what you believe. :o

no one is tracing monero. so you must be having a bad source of information. but whatever.

just using monero gets you on the list you dont need to be traced via a particular monero transaction.. ANY deposit of monero no matter the source is treated as a using a privacy enhanced tool and flags you. they dont need to know what you bought or from who or where you got the monero from.

just depositing it into an exchange trigger the flag

i cant be bothered this week to spoon feed people

so an anonymity enhanced currency (AEC)

search out words like:  treasury, sec, FATF
in conjunction with:
money service guidelines
monero AEC

see where your own research lands you

seems more and more people are playing the idiot card just to get spoon fed the answers.. like they deserve answers, screw that this week.
if you dont want to research and learn for your own good, dont get involved in concepts you dont want to know about

It's safe to assume that using Monero (or any other "anonymous" coin) would indeed put you on a list of someone that is interested in obfuscating their finances for whatever reason. This isn't 2015 anymore guys, governments aren't dumb, anyone that is crazy enough to send Monero to an exchange without at least using some precautionary measures is asking for it.

Anyway, anyone got any news? last I've heard is hackers were chipmixing the stuff:
https://twitter.com/ErgoBTC/status/1611169585457238018

i guess nowadays it is possible to "use monero" and no one knows you're using it.

who said anything about depositing monero into an exchange?

yeah probably. ;D


I'm curious what would happen if they just sent all the btc to a burn address...that would be like destroying his hopes to get anything back but would anyone still care about finding justice for him. ??? Binance would probably want to fork the blockchain and put his lost money back into his pocket go figure.

and if you had a hand full of btc but wanted monero.. you would need to
_ _ _ _ _ _ _ _  it . missing word starts and ends with an e


and if you had a hand full of monero but wanted btc.. you would need to
_ _ _ _ _ _ _ _  it . missing word starts and ends with an e


whats with certain people lately thinking binance ever wanted to fork bitcoin
oh wait. guess they didnt do the research*

im all for new people asking questions. and asking genuine questions to learn
but after time when they just dont get certain concepts even with information available within 3 seconds or being told something and then having way longer than 3 seconds to check it or think about it..  
but instead they just wanna be part of the "recite something they seen on social media" brigade, i start to wonder do they actually want to learn things anymore

*May 8th 2019 binance does a AMA video on periscope informing viewers that other parties gave him idea's about a fork re-org, which atfirst he said didnt think was possible and that there are many reasons not to, but thought if it could be done it would be done later in week as top priority is plugged the hack holes that week.
same evening of the 9th he tweets to clarify and kil social drama that they wont be doing a re-org at all. thus non news. non start of any drama. game over drama in a few hours.

If you're cashing out a significant sum of XMR through a KYC exchange for fiat, then yes, you want to have a legal reason for doing so. However, there are tons of alternatives these days. You can even buy gift cards (https://cakepay.com/) with it now. If privacy is your goal, BTC doesn't hold a candle to XMR. There's a reason why the largest darknet markets don't support BTC (https://news.bitcoin.com/4-years-after-the-2017-law-enforcement-takedown-alphabay-is-once-again-the-king-of-darknet-markets/) as a payment option anymore.


What's even crazier than using Monero is using a mixer. My bet is all mixing processes will be totally deanonymize-able before the year's end.

It is also somewhat remarkable that ChipMixer has still managed to evade sanctions.

Maybe that implies for anything privacy respecting nowadays. If you're caught to using Tor Browser, you're put to the "weirdos" list. If you're caught to install Tails, you're suspicious. If you're caught to use protonmail instead of gmail, weirdo! LineageOS, or any other privacy focused mobile OS instead of iOS / android, real freak.

If you're caught to selling XMR to a KYC-ed exchange, you need an unusual reason as justification, because it sounds really dumb.

Everywhere there's mixing though. Move to another wallet, and you just (poorly) mixed your coins. Convert your BTC to LN-BTC, and you're just taking advantage of the greatest, decentralized Bitcoin mixer available. Use a DEX, and no chain analyzing company can safely assume what you're doing.

NSA analyze and save the IP of every persone download tor browser since 2013.

With obfs bridges you can try hide to your ISP that you're using tor. Welcome to 1984.

And I really don't understand what conclusion one can make with this information.

I don't want to, actually. My ISP doesn't block my entrance to the Tor network, and I neither care if they know I'm using Tor. Just as mixing bitcoin, I don't care if somebody knows I'm part of the process of mixing / using Tor. Quite the opposite. I want them to know I'm respecting my privacy. What I don't want them is to know the final destination each of my processes.

the concept of a weirdo list is very true and yes its part of narrowing down "suspect list".. and im actually preferring blackhats term of a "weirdo list"

as for his yet again overly hyped and salivating at the mouth promotion of lightning. blackhat has fallen down several holes and hit his head and not done the research (or has done the research but doesnt want to talk about the negative flaws, non-hyped advert positive stuff)
..
just like tor, certain analysis/data agents can become some of the "bridges" and "exit" nodes of tor to then identify traffic.. in LN some nodes can be on the route to notable services to traffic analyse payments going through them

the only saviour feature of LN. is that because LN can only handle routes of ~$570 MAX(if lucky(avg channel cap /2 parties)) governments and more precisely regulators and more precisely data companies delegated to analyse and identify a weirdo list.. simply dont care about your silly small drug deal amounts.

you'll still be on a weirdo list but they wont bother you(handcuffs) unless your criminality is worthy a stiff sentence

as for his avoidance of the obvious negative flaw of LN (liquidity)
LN would completely bottleneck and fail if it had to try routing 200btc in a small time period

if your destined LN recipient for a swap only has imbound ~$570. and the hops(route middlemen) only have the same. there is a limit to how much can be moved


oh and by the way. most of the LN crew keep promoting "look guys i done [under 400] events this month"
meaning when events can finalise in under 1second it shows a massive time gap between events. meaning just watching for the gossip "channel updates" makes it easy to find the paths..
oh and even funnier.. the channels reveal their funding utxo's so even easier to "follow the money"

simple math if they do under 12 events(routes) a day meaning 1 per 2 hours, meaning, 1 per 7200 seconds
its very easy to spot the paths that update(gossip) in that specific timeframe of a few seconds without much "noise" happening near that timeframe

You are right. That is actually frightening how an OG Developer can get hacked and lose a large amount of bag. It shows how smart and dangerous hackers have become nowadays that they can trick literally anyone. Also on another hand, humans make mistakes. It is possible that Luke might have done something which made him vulnerable to the hack. There are so many malware and viruses which come along with files we download from the internet and can compromise/control our systems.

They don't know what's the destination, though. That's another level of privacy, comparably with the blockchain.

If you took the time to read the whitepaper, you'd acknowledge that lightning exists for micro-transactions. Not for 3 million dollars worth transactions. But, yeah, I'm the one who needs research.  ::)

That. I don't understand why such fuss for this. Isn't it possible that a smart person makes a human mistake? Don't smart people lose their cash by accident every day?

YOU were the one advertising in this topic involving a theft of $3 million that lightning is the solution to wash the hacked coins clean!!! as you called it the "greatest"

but thank you for now admitting you happen to now remember that its not designed for that... thus not the "greatest"
nice try shifting the adversary, but you are your own worse adversary

i was the one telling YOU that LN was not designed for large amounts. heck i even told you the limitations using $ amount limits based on the stats of capacity/liquidity of routes
i think you need to see an optician
..
when you learn about LN's "gossip" and how channels funding is actually public. you may learn that with the lack of events per second.. finding the path and thus destination due to gossip becomes EASY

heres your dilemma
you think that you are safe because no one can peel the whole onion skin to core...
but you forget/dont know/ignore.. that they have ways to simply watch where the onion plays pass the parcel without needing to peel the onion.. especially on a low-use system where packet sniffing and gossip listening is EASY to monitor for "channel updates" due to lack of noise

im sure you probably do know it but dont want to say it out loud.. but if you dont then thats a failure on your part
i consider you do know it which is why you and ur chums are full on pedal to the metal, snake oil utopia, trying to recruit new people into your silly system to create more noise in the "gossip process". even if you are not morally telling your recruits of the many flaws you are inviting them into

trying to cause innocent people to be put on a AEC weido list just so you can exit an AEC with clean funds... leaving the innocent people with dirty coins. is not moral or letting your innocent recruits be informed of said weirdo lists, liquidity issues, how they end up with dirty coin.. and how they can be conned, scammed and easily stolen from due to many other flaws of your favoured service..

for someone that pretends is securing his stash. you sound less like a risk-aware guy, looking for flaws to help know the risks and inform others of risks/flaws... and more of a snake oil advertiser only selling the utopian best case dream

..
last point
if things were so binary fungible and untraceable.. why have you put soo much effort into needing to recruit. why are you so worried about "dirty" why even need a mixer if you think everything is fungible
answer: because you know deep down behind the hidden advert messages.. that things are not as you say they are

you could swap your btc for monero in a decentralized fashion. not sure what word you're thinking about though. :-\

atomic swap it? not sure what word you're thinking of exactly.  ???



well here's some research for you:

"To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin."

guess who said that? do you really think this guy could pull that off? he must be really delusional if he thinks he could. and what's even worse is how he thought that might be an acceptable thing to try and do. :o

ha ha ha.. a snippit out of context

you missed the parts where he said others gave him the idea
you missed the parts where he said he doubted HE could do it

you also missed the "can" and "if" and just thought it meant "will" and "dont care about"

and you are not understanding the "we" involved in the statement you snipped

and you ignored that he said that his priorities were first to secure the security holes in the system/

and how just hours later he told everyone he is not doing it...

thus it didnt happen. it was a non event and the idea was not even his idea

.. but hey i guess the full context of the facts of the actual social drama HOURS of may 8th 2019 dont matter. becasue instead some tweet/social thing your read in 2023 means more than facts of actual events of 3year 7 months ago..

---

its like this
larry:"someone told me to jump off a bridge. its possible in the next few days, im just concerned if the bungee rope wont break and damage my head when i fall"
8 hours later
"i spoke with the people about concerns and im not going to jump off a bridge"

4 years later
latery is a suicidal maniac he wants to jump off a bridge this year becasue he said he would kill himself 4 years ago

the only thing he got right about his assessment was how he would mess up bitcoin's credibility (for years to come no doubt) if he were to do something stupid like that. :o hopefully no one would have gone along with his little scheme. nothing is out of context franky, he said those words. they stand by themself. it's unfortunate that he would have ever even considered such a thing in the first place but anyhow...

ok seems someone is on a social drama craze and not a fact finding craze
ok, ill add you to the list of people that dont care about learning..
..
moving on

luckily bitcoin is not fungible though. otherwise this thief might actually get away with the stolen funds. maybe someday they'll invent a technology that allows bitcoins to be turned into fungible bitcoins if someone uses a particular transaction type or address type. now that would be something. but only responsible people need apply. people that know how to manage their money... >:(

fungibility is not a boolean option of yes or no. its a sliding scale
..
from a legal prospective. legacy has keys and signatures. thus in legal terms.. property law, privacy laws can apply if fought in court
recent transaction formats only have witness statements(scripts) and passphrases(access not ownership). so even saying your the witness/accessor doesnt mean your the owner/victim.

luckily luke used legacy so he can be owner/victim of theft. unlike those using new style formats

yes there could be new transaction formats that come with their own terminology to not be defining their held value as a currency, asset, commodity, but as property. and businesses can classify deposits of that format as such classification. to separate value into different piles/allotments for different purposes

but to then limit who can use such format. then presents its own problems of a decentralised open system

but to awaken people to such notions and possibilities and also awaken them to how things actually stand now legally.. needs educating people into the actual events of the past and present... and no, not the versions they read on social media version of events that did not occur the way the social media are presenting them

In the strictest sense, bitcoin is not fungible since the holder of some bitcoin could be discriminated against based on that particular bitcoin's transaction history.

to be truly fungible, it has to be indistinguishable from any other bitcoin. and it's not.

no one cares about bitcoin not being "fungible enough" until it affects them. like when they go and deposit it into an exchange and the exchange freezes their deposit pending an investigation and possible involvement of law enforcement.

sorry franky i don't know enough about that topic to make a proper comment. but it doesn't sound right. there is always an owner to some bitcoin address. that's the person that has the ability to spend it  ::) courts would probably think so too.

you mean like bech32? that's just a way of encoding a bitcoin private key into an address. no different than legacy really...

well what do you think about binance and their little busd unpegging story in the news? you think it was real or you believe what they say? ???

if you are depositing funds that are a 100% uxto from a stolen stash.
or every serial number of bank notes deposited at a bank are from a known bank robbery.. the % of suspicion is 100%

however there is a % /rating system of suspicion its not boolean...
there is a scale with thresholds.. whether its bitcoin or fiat

EG moving $10k of any denomination of funds across a border via hidden in a trunk of a car.. has a higher rating and above a certain threshold.. compared to
having it on your debit card when you travel abroad
compared to
moving $10k within a border to buy your fiancee that wedding ring she expects
..
also to note.about regulations and guidelines(yep you can research it):
just the slight suspicion of say 1% taint or 1 bank note of 100 bank notes being a serial number linked to a robbery, is not enough to freeze accounts. yes there are maybe some investigation going on behind the scenes after deposit at CEX/bank/business level.. . but they have to by regulation let the currency flow.  and not tell you about investigation..
IF certain things meet a threshold, they SAR report it to authorities.. again while letting the currency flow..
IF authorities determine there is significance of a crime the authorities get a court order and then.. an account is frozen
try not to put your unlearned unresearched opinion of how things work to mean more than whats easily available to learn and research, factual process of how MSB's process funds and investigate.
.. people can "earn suspicion points the more they use a service where more and more deposits all have certain flaggable" traits until it meets certain thresholds.

heck i am not even a MSB but i have used them and in my own risk awareness of wanting to secure my value when using a CEX, i actually bothered to research how a CEX(msb) would handle my funds. by reading a CEX user agreement policy, terms and conditions and also the MSB guidelines/handbook of how they work internally with things like the SEC and FATF.. its all available via google. and so i use google and find source information when i want to learn something

regulators tell MSB's of certain thresholds they want to see to trigger a SAR and CEX(msb) create their own methodology to investigate things and rate things to see what meets those thresholds before filing such reports


if you can see something in hard data thats about the source item EG you can see that busd unpegged by looking at actual charts and network data... then it did happen.. but if you are relying solely on social media and media in general, then you are not checking your sources, thus please check sources.

i dont use binance nor stablecoins. so i never checked your specific example nor cared to..
i dont know or care about CZ. my gripe is seeing the amount of people that dont think or dont research
(there is a game called chain of whispers which for humour was branded chinese whispers.. where someone whispers something to another person who whispers it to the next and so on.. where by the end, the message is completely different than the source... that is pretty much how social media works.. the message can get lost in translation in the media circles of each persons opinion of what they read, seen, heard)

its why i keep saying DYOR (do your own research) to people

but now prompted by you.. i just did have a look (today) and yes it appears that on 19th of march 2020 it did depeg temporarily beyond its 99.98% allowable threshold. to go down to 97%
and i checked by looking at chart data. not social media.. and it took me under 15 seconds to load the page and select the 'all' timeline and see the chart wiggles.. much faster than it would take to try finding some social media opinion about some tweet found somewhere that was linked somewhere in some topic on the forum.

i could then try googling the reason for the temporary event depeg. but im not interested in that. but i know i can.
if busd continued to be below a 99% amount for a lengthy period, and it started to affect the whole crypto ecosystem.. . then it would be more interesting to research. but small 1 day events are meaningless over all if they dont effect the ecosystem beyond that day, are not interesting and not worth thinking about 4 years later

so try checking sources and finding full context and content. and relevance

EG lukes actual tweets reveal he had coins on legacy addresses. so when sily people start talking about hardware wallets and passphrases.. they are not talking about actual events. they are saying shouldisms. but those shouldisms can only be true if luke first moved coin from legacy and chose to put his change destination to a HW wallet seeded address(my advice) however just using his node would have and did put lukes stash onto another legacy change address, meaning exposing his wallet(again i mentioned this). as seen by checking his previous spend events before the theft

What lessons to learn from the Luke Dashjr private keys (data) breach? How to prevent, counter-measure and cope with that kind of attacks? (Also, why we can't already learn more or enough within the 2 weeks that elapsed).

Get a hardware wallet and write your backups onto paper with your own hand.

That's from technical perspective. What about human behaviour? How to stick to the best practises all the time, resist cutting corners, for example.

Thanks for a reply.

Stick to best practices & resist cutting corners I think covers a good chunk of it.

In addition I'd recommend staying humble and never thinking you are too smart or too pro to make mistakes.

I see this as sure disaster

where do you store the paper
hardware made at hardware level with hardware level attacks.

Your at the mercy of a lot of people a very long supply chain that *know* you puting valuable there

After seeing people who have been using "cold storage" in a way it was "going online only to send out transactions", my current experience tells that HW is the current "good enough" option for the masses. And the rest can set up a cold storage properly, hopefully better than Luke did.

"where do you store the paper" <-- If you ever had a seed to store, you can answer this yourself. And if you didn't, you should use the search feature.
And I am curious: what would you recommend then if not hardware wallets?

Frankly, initially I thought this was FUD/hijacked twitter account. I'm too lazy to scroll through 12 pages of this thread but I suspect it turned out this indeed happened and his stash is really gone? If so, what can I say? Another proof you don't have to save but rather spend it all on Lambos, hookers and blow while you can. Roughly 20 million? That'd be enough to live 1-2 years in luxury (without buying any expensive RE for sure).  ::)

This is terrible news. I wonder how these hackers got a hold of his cold wallet addresses if they were so secure. I think besides reporting such eventuality to the local authorities, or maybe even FBI, he may also ask exchanges to freeze funds with relations to these addresses so they could be returned if things go well. Point taken, this just puts fear to the people of this industry coz if cold wallets can be hacked remotely, what else can't be right? Then again I am pretty positive he'll get the funds back somehow, long as he knows who to talk to and where to consult.

Your information and suggestions truly suck BIG TIME, serveria.

I have nothing against hookers, Lambo and blow in the proper order of things... but there is some need for sustainability, too... or at least I would think.  If we are spending on hookers, lambo and blow, we should at least want to be able to spend to our heart's content for the duration of our lives, and I am not even suggesting to strive to make one's life shorter but instead attempting to at least get as much life out of your meat wagon as is feasible and possible while engaging in such consumptive activities for the duration of it or the remainder of it.

One of the BIGGER questions tends to be that a lot of folks seem to want to get to their passionate consumptive levels way too soon - which surely does not seem to be the lesson that the Luke JR case is showing us.

I mean there is no evidence that he was starting to spend too soon. .but he seemed to be acting like a squirrel trying to preserve his nuts and still unsure about whether he had gotten to such ability to consume state, yet.. and from my understanding he has 8 kids, so to the extent that he would be including his consumptive level with the 8 kids and the wifey, then surely he would be needing more nuts... yet surely philosophies are going to vary in terms of how much to share with the kids (or even with the wife) while still living.  I doubt that we have enough information about Luke regarding those matters, to the extent that they might be relevant to our discussion here...

And, actually for someone like Luke (family man type blah blah blah).. expensive real estate might well be his variation of hookers, lambos and blow... but part of the problem, is that he seems to have had delayed his ability to get to that stage because he inadequately preserved his nuts, including but not limited to seeming to presume that his security was good enough.. in spite of some supposed breaches that he had in recent months, too.. which kind of get's us back to the possibility that Luke may well have been going down the boat accident avenue.. so probably, if he ends up still having the nuts, he is going to still have to figure out how to acquire the expensive real estate without so much traceability, and I am not even sure that I want to go down that route.. which does end up getting me to concede more than I would like to concede to you in terms of the likelihood that hookers, lambos and blow are quite a bit more mobile and of less concern than expensive real estate, if the boating accident scenario were the actual motive (which really does not seem to be the prevailing thought pattern here.. even though if you think about it, Trace Mayer seems to have had purposefully blew himself up for potentially similar kinds of motivations in which seems to be part of the reason why many longer term bitcoiners do seem to have some motivations and connections related to wanting to play the boating accident card or some similar kind of blow up scenario).

I am starting to realize that as I write this post, I am starting to think that you may well be making more senses, serveria... in terms of what you had originally stated.. but I am still sticking to my guns... in terms of both the need to establish a decently large stash first and to consider that to be more important than just going straight out balls to the walls with the hookers, lambo and blow lifestyle.. which seemed to be part of the way that I was originally reading how you were framing the matter.

Even with 8 kids blah blah blah.. more than 200 BTC would have been a pretty good place to be.. so maybe this whole situation is just seeming strange in terms of how any of us might get to a sufficient state of BTC accumulation, and then how seriously we might consider the ways in which we maintain such stash, even if we might have made some mistakes in terms of how much we consider ourselves to be employing any of our BTC liquidation stages.. and of course, Luke is not really a very old guy (even though he has 8 kids), so maybe he was deferring gratification and still psychologically considering himself a nut stasher rather than a consumer because of his age and his considering himself to be a supporter and all of those kinds of ways of thinking.. maybe? maybe?  I would not claim to know... so I am starting to feel that I am waffling in terms of how much I was initially considering to criticize the contents of your post.

That was irony, man. Poor irony I guess if I have to explain it.  ;D

That's how FUD works, yeah. And good luck hacking my paper wallet remotely.  ;D

A cold wallet that is generated following the current security standards (generated on offline device, etc), cannot be hacked remotely.

The issue is that there's more information in the case discussed here. It was not a garden variety cold wallet, it might have probably been compromised at some point, plus also it was an old wallet.

ok to say it again
before hardware wallets were a thing. before export wallet was a thing.. (before terminology got redefined)
OG bitcoiners called an offline wallet (paper or airgapped)
they called a cold wallet a node on home computer(with internet to stay in sync and make payments online)
they called a hot wallet a node on public server

luke did not paper wallet nor have hardware wallet. he had keys on a node which was exposed, as it can be seen he was spending value of his wallet in september. it was not old coins from 2011. it was a utxo from 2022 that got spent in september, then the change returned to the wallet in september.. then later stolen at the new year

i suppose but are we saying that is an acceptable thing? if it was possible to have it so that you can't trace bitcoin then wouldn't that be better?

that's because cash is fungible has a higher fungibility than bitcoin. so that's why they would let you carry your bitcoin across the boarder without any concern whatsoever.


and that's what no one wants. no one wants someone else having the upper hand on them, sitting in a judgement seat regarding their finances.

part of it is probably discretionary as well. they could flag someone for any reason whatsoever.


i'm not so sure you or i or capable of figuring it out all on our own franky that's why experts analyze these type of things:

The blockchain analytics firm ChainArgos, led by Jonathan Reiter and Patrick Tan, discovered that the Binance-Peg wallet on Ethereum, which was supposed to hold the stablecoins required to back all Binance-Peg BUSD, routinely held a lower balance than the amount of Binance-Peg BUSD circulating on Binance Smart Chain.

you can google that.



and my gripe is hearing CZ mentiion rolling back the blockchain as if that's something that would be acceptable in that type of situation. he shouldn't even have mentioned it. let him stick to BSC which has it's own "syncing" issues from genisys block, i hear.  :o

if that's all you did then you didn't do anything. there's alot more to it than just that....

you too!

your gripe about the "mention re-org/roll-back"..
before sweating under the collar or stressing yourself out anymore beyond today(its not healthy for you).. check it out. it was social drama of mis-quoting. which led to maybe 8 hours of social drama before being squashed(in reality)..
a re-org didnt happen and if you listened to the whole AMA you would hear more then you are stressing yourself over.
CZ didnt come up with the idea and same day CZ said he understands implications and same day said it wasnt happening..
and so you should, knowing all real quotes..  not be 4 years later having a gripe over a non event.
however by taking some out of date misquoted social media of other people quotes, not involved in that days AMA as your source, where you instead of finding the source AMA and same day tweets.. you dont have the full context of the true events as they played out. and that is causing you 4 years after such social media drama to still be emotional about a non-event.. based not on CZ actual words but some other persons interpretations which you took as gospel

secondly.
finances/currency are not the same laws as property.
if you can learn the differences you will know that under the bank secrecy act. currency has no privacy compared to property.
bitcoins main issue was being legally recognised as "currency" in ~2014 instead of its "property" characteristic in 2009-2014
it was that categorisation pivot that allowed in regulation and thus supervision of funds entering businesses

..
as for the "part of it is probably discretionary as well. they could flag someone for any reason whatsoever."
the regulators have a easily google-able handbook/policy guide on their flags.

yes a business can add its own flags below the thresholds of needing to SAR report to authorities. but a regulated exchange cant just lock users away from withdrawing it unless certain legal processes are done. otherwise the business gets fined/prosecuted
yes businesses can secretly investigate and not inform its users of such at lower thresholds and using more indepth methods than a regulator prescribes.
and this again is related to the bank secrecy act that treats currency different than property

lastly.
you keep mentioning "fungible" like a yes or no. rather than a scale.

if a grocery store deposited its days takings into a bank where 1 bank note of 1000 is "dirty"/counterfeit not much is asked, no eyebrows are raised. if anything the store owner might be advised to double check bills are not counterfeit by upping their UV pen/light usage of checking bills, becasue the bank rejects the 1 note. costing the business 0.1% loss (yes banks do lose value if accepting counterfeits. and yes banks do check and penalise)
if high % of bank notes deposited are dirty/counterfeit. the authorities then get a report where the grocery store is being investigated for being a laundering "front" (plus the grocery store gets penalised for it by having its deposit rejected to that % amount)

there are rules involved in regards to money. there are thresholds
there are checks and validation processes done.

if you think that fiat is so open and free to use and unlimited.. why do you think people hate fiat and prefer bitcoin.. because fiat has too many rules.
if fiat didnt have rules there would be no need for bitcoin

bitcoin 2009-2014 had very very few rules if any legislatively..
bitcoin 2014-now has more legislative rules. which is where people are now hating all the crap about CEX monitoring users

This might be off the topic, however, I reckon it will be very relevant for the people who hold cryptocoins and NFTs. A known whale in the NFTspace has also been hacked and much of his coins and valuable bluechip NFTs were stolen. This person however appears to not have the technical competency of a bitcoin developer hehe.

Last night my entire digital livelihood was violated.

Every account connected to me both personally and professionally was hacked and used to hurt others.

Less importantly, I lost a life changing amount of my net worth

Source https://mobile.twitter.com/nft_god/status/1614442000958324739



We can learn from the mistake of others hehehe.

i just remember this CZ fellow being in the news and I wasn't wrong:

https://u.today/binance-suffers-40-mln-hack-crypto-community-outraged-after-cz-suggested-bitcoin-rollback-to
https://www.finder.com.au/cz-says-binance-is-considering-a-bitcoin-rollback-to-recover-stolen-btc

why is CZ's money more important to an extent that rolling back the blockchain is a possibility but when someone else loses their money it's not? CZ is more important so Bitcoin miners should bow down to him?


Just visit the two websites I posted for you. Then you don't have to waste time reading through his tweets or listening to his "Ask me anything" although one question does come to mind. Why are you so important that your transactions should be rolled back?


ok franky thanks for the lesson in finance and how financial institutiions flag accounts. i learned something.


the reason, if any, that i don't like fiat  has nothing to do with "too many rules". maybe it is for some people. the issue i have with it is how the government can just print more of it out of thin air. which leads to inflation and my money being worth less. while employers don't increase their pay at a similar rate... that type of thing. and of course you get paid in fiat.  ::)

then use a DEX. or don't use crypto? just stick with fiat.

The fact that you have to resort to gift cards and so on just shows that the niche cases for XMR are very limited to small amounts basically. So if you are XMR rich... then what? you cannot improve your life quality. You have valuable 0's and 1's, but that's about it. You need a friendly jurisdiction to convert this into tangible things without ending up in jail.

Bitcoin provides a lot more leverage with governments since it's not "anonymous by default". And thats for now. I wonder what governments will think of Bitcoin in 10 years. If they end up banning it all, there will probably be an huge black market that has replaced the ban on physical cash, as well as some land distant jurisdictions in which you can fly and establish your finances which will be wiling to operate with BTC derived fortunes. Other than that, I think all cryptos are going to be in trouble in most mainstream countries in the future.

As far as Chipmixer, not sure who runs the service but probably everything is hosted somewhere safe from regulations that could have an impact on it and he remains anonymous. If he has everything set on point it will be difficult for them to get it done. Max they could do right now is probably block it ISP wise but anyone that uses Chipmixer already uses Tor/VPN by default so no one will even notice.


Agreed, but using protonmail, Tor or even Tails, is not at the same level as using XMR. At the end of the day, the number 1 target for governments is tax evaders, this seems clear to me and I think to anyone that has some life experience. They want their cut and that's how it is. If you go into an exchange and do some crypto stuff that has XMR in the mix to boot, this will raise more alarms than the other examples you provided.

That's not at all what I said. You don't "have to resort to gift cards" with XMR but as with BTC and every other major cryptocurrency that option is a great way to make real-life use of it. The fee for services like Bitrefill is often 0%. Gift cards is one of the best ways to use crypto to pay for something in a pretty direct manner.


There's a ton of KYC-free exchanges and swapping services for XMR that makes cashing out BTC relatively painless but if you're not interested in looking for them, you'll never find them.

Using a DEX doesn't mean you don't follow legislation. It only means you avoid KYC and giving up self-custody.

Governments, even of the most oppressive regimes, have tried to ban it and did little.

I think there are two possible scenarios to explain how it's still up.

• ChipMixer is operating in a nearly completely anonymous background. They must be doing everything behind Tor in a manner the feds can't de-anonymize.
• ChipMixer is the feds.

The former looks more likely to me.

if using DEX to do silly day trading of btc to stable.. you can stay off the radar

if using DEX to do wire transfers.. then obviously your bank and the other persons bank is watching the wire transfers.

so dont be complacent thinking you are hiding 100% perfectly
and if not operating through a business account but doing many wires you will hit a threshold where banks will start to think your doing too many wires to be a "personal use" and start asking questions

alot of people thought that banks were just anti-bitcoin, truth WAS half that but now mostly its these things:
a. the sender sends fiat. then pretends their bank account was hacked and they want a charge-back/refund. which means receiver has to legitimise his receipt of fiat by revealing what was purchased.

b. sender innocently sending funds to lots of people on a personal account makes banks question the purpose of all these funds movements. treats sender as a business offering a service, thus questions the purpose

these usually mean situations evolve where DEX frequent swappers need to start keeping records like KYC to prove the person at the keyboard of the other side, was the account holder (asks for id and a selfie)
ends up needing to have a business account and register as a MSB aswell or have account closed

many dont see it happen straight away because if unpopular, unregular, insignificant amount/value of wire transfers stay under a threshold.. but when they get popular or people get too comfortable/complacent by doing regular trades on DEX , the flags add up

other flags like someone on a menial income suddenly having a massive $3m deposit or lots of multiple deposits that add up way beyond a salary.. raises some flags

It appears that yesterday hodlonaut had some back and forth with LukeDasher via twitter to assert that LukeDasher was misleading people and claiming that there were no ways to keep bitcoin secure

Hodlonaut says:

>>> According to
@LukeDashjr
 there is no way to prevent your bitcoin from being stolen. No safe way to store bitcoin.

Reckless misinformation/FUD, and a huge 🚩
<<<<<

https://twitter.com/hodlonaut/status/1615033789956202496

That sounds quite BS coming from a Bitcoin Core developer, to be honest, considering that he neither used a seed phrase nor a hardware wallet to store his 200 bitcoins. But I also think Hodlonaut is jumping the gun here and exaggerating a bit, as the screenshots he posted are not words to that effect.

in that tweet debate just posted.
luke said how his private keys were not compromised to an internet using PC..

luke however did expose his wallet to the internet back in september because we can see he was spending funds in september and sending them to a change address he had in said wallet..
. he also had a wave of hacks happening throughout november-december. and knew the hacker was tailoring the attacks specifically for lukes systems

luke also had to rebuild-recompile a new version of knots because that got compromised too meaning he knows he was compromised.

i understand humans make mistakes, but to say bitcoin is insecure rather then admit he is human.. doesnt play well with me either
he would rather pretend he is the infallible god and bitcoin is broke. pfft.

Yes, I was thinking something similar to you NotATether in terms of hodlonaut putting words into LukeDasher's mouth, but then I see Luke's responses and he kind of just goes along with those characterizations.. so yeah, sometimes the fights and the characterizations of the position of the other person are not really fair.... yet it is was interesting to see that back and forth including that AdamBack jumped in to defend aspects of Luke's eccentricities.

that's why you use a DEX because you don't like dealing with Centralized Exchanges. doesn't mean you're an outlaw. i thought that was understood though. :-X

Luke is one of those guys that won't back down even if deep down he knows he is wrong about something, I've seen enough of his ideas that he clings so desperately and won't accept any criticisms over it so I wouldn't be surprised for him to shift the blame but saying that nothing can be done when you're targeted that's beyond going overboard!  As if wasn't bad enough that a core developer has lost his bitcoins in the hack, now the same developer hinting nobody can be really safe it's just too much!

The only good thing is that the media hasn't cached up with this or it's not paying attention at all, and hopefully it never does as it will turn into a real shitshow.

Has it actually been confirmed that Luke had his money moved yet and that it isn't just his PGP key and twitter are compromised?

I'm somewhat surprised he hasn't already posted here to give a bit of an update as to what may have happened so people can help figure it out.

Luke, care to share any update please?

I am thinking of two possible explanations for this - either he was targeted by some group or maybe he is just pretending that his BTC was stolen because he wants to anticipate possible moves from governments which will ban "unhosted" wallets.
Two years ago (https://www.coincenter.org/how-i-learned-to-stop-worrying-and-love-unhosted-wallets/#:~:text=Over%20the%20past%20year%2C%20governments%20around,disrupt%20and%20dismantle%20illicit%20financial%20networks.&text=Over%20the%20past%20year%2C,dismantle%20illicit%20financial%20networks.&text=past%20year%2C%20governments%20around,disrupt%20and%20dismantle%20illicit), governments around the world have expressed concern about the risks of illicit financial activities such as money laundering, terrorist financing, and the evasion of international sanctions arising from the use of “unhosted” wallets—software applications that allow users to conduct pseudonymous, personal transactions in crypto assets over the internet without the use of a financial intermediary. I wouldn't rule this out.

Agreed, which causes my thoughts to return to my skeptical me speculation that @NeuroticFish very much liked hehe.

https://bitcointalk.org/index.php?topic=5432665.msg61540539#msg61540539

My prediction, on 2025 lukedashjr will announce that he will quit from the development team. He might have already sold all his bitcoin before this announcement hehe. Also, @nutlidah's skepticism on why lukedashjr mixed his coins instead of using Monero. This might be because lukedashjr wants to sell his bitcoin as bitcoin without conversions.

Oh.. for this to be true you are assuming he still has control of his coins, which is one theory. I was referring to the alleged "hacker" as being the party who sent the coins to a well-surveilled mixer. Its an extremely clunky method of trying to break blockchain links in your coins these days and my main point was that several more effective alternatives now exist. One of which is swapping to XMR, which can always be swapped back to BTC. A lot of the privacy created as a result is only as good as the owner's future movement of their "clean" coins, of course.

to move to altcoin especially when handling more then grocery bag amounts(daily spend) is hard to do in DEX/defi without some large player on the other side of the swap to receive said swap. (and or more time consuming to churn through many small allotments)
trying to do it on a CEX without KYC is few and far between opportunities too

if you treat bitcoin mixer vs XMR swapping as a rated number of 'suspect/weirdo' number. xmr has a higher 'weirdo/suspect' level. so more reason why XMR swaps can lead to more notability

sometimes trying to hide behind walls and bushes when walking around in public, makes more people see your attempts of trying to hide.. and call you a weirdo or suspect.

trying to move lumps of $22k(1btc) is not easy in of itself and is another noticeable factor when using defi/dex
most people only wanna grab small petty amounts of fiat or swaps when using DEX/de-fi platforms
so seeing multiple attempts to move multiple $22k or $2.2k also becomes noticeable spam compared to just moving larger lumps legitimately/unnoticeably via other means

Not true. You just need to want to find them. If you don't, you won't.

Apparently Luke said somewhere that he used Bitcoin Knots wallet as his wallet to both store and transact, and that he kept it on the same laptop or in a computer that was connected to the internet during the transaction (he didn't craft the transaction in an offline computer that's airgapped and then broadcasted this into a node). Why? This would explain a point of failure, because I don't see how you can get hacked as long as the private keys were always in an airgapped environment (beside physical intervention but apparently this isn't the case here)

because probably 99% of bitcoin users don't "craft the transaction in an offline computer that's airgapped and then broadcasted this into a node" and luke falls into that category?


it's still possible but the exploit is different.  :o

There is always a tradeoff between security and convenience. Having a wallet on an air-gapped computer is certainly more secure, but it is also a lot more inconvenient.

As everyone should know, a hardware wallet goes a long way in increasing convenience without sacrificing much security.

imagine having 200 bitcoins or even 100 and not knowing that.  :o well i guess he knew but he didn't do anything about it...

i guess he had reasons to want to keep funds on legacy and not move them to segwit via seeded passphrase hardware wallet

i found that a surprising revelation too at the end of new year after his endless segwit promoting activity years prior

even i wonder what his reasons were for someone so segwit "pro" to avoid using it and prefer to hoard coin on legacy
his big mistake was not using legacy, it was re-using the same wallet from september-december thus exposing the keys to his online home-use PC

i know commonly OG's like to keep funds on known OG addresses as a form of trophy display of being able to long-hoard without moving. it could be that
or that segwit fails to do good "sign message"/validate message features in core
along with other unfinished things they forgot about to finalise full use of segwit functionality

Did he get any penny back? Or with all the knowledge and fame nothing seized?

It was not the expected one by the developer of bitcoin.Many hackers targeting the high holder of cryptocurrency to make huge money.Most of the crypto holders move their bitcoin to the cold storage and only few not doing it.Some people who was not alive and hold huge amounts of bitcoin on their wallet will be the first priority of the hacker.This news was very shocking one,the top most person not safe their holding bitcoin.The unacceptable one is it get easy hacked.

It appears that we have a news update.

Luke Dashjr might be suspecting that the hacker has attended an event called CoreDev Atlanta which was on October 2022. It was also mentioned before that Luke's security on his wallet was a very complicated procedure which it will certainly not be very shocking if the hacker is also a computer programmer that might be developing a project in bitcoin.



The U.S. FBI issued a subpoena demanding personal information of the attendees at a Bitcoin core developer event in 2022, according to Mike Schmidt, co-founder of Bitcoin non-profit Brink. The FBI subpoena is allegedly in connection with Bitcoin developer Luke Dashjr’s claim that he was stolen about 216 BTC in a hack.

“As part of the investigation into Luke Dashjr’s announced theft of his bitcoins, I received a subpoena from the FBI wanting information about attendees of the October 2022 CoreDev Atlanta event in the days before TABConf 2022,” said Schmidt, in an email screenshot posted Wednesday by mikeinspace, a pseudonymous X user. “I was legally advised to cooperate.”

Schmidt, who confirmed with The Block that he sent that email, said in the message to attendees that he had provided the FBI with their first and last names, GitHub usernames and email addresses. Schmidt also said that the FBI demanded that he not disclose the subpoena for a year, which expired shortly before he sent out the email.

“I do not have any details about the investigation or whether the subpoena was due to a targeted suspect or general information gathering as part of the investigation,” Schmidt added.

The Brink co-founder told The Block that he has not been in contact with the FBI since, and declined to comment on further details.

Source https://www.theblock.co/post/287939/fbi-luke-dashjr-btc-hack

With every interaction you make in the outside world or virtual world, you are risking your funds. That’s what I learned from this story. Sometimes knowing less people and having zero interaction with anyone is the best thing for you.

I’ve been getting scam/trojan emails for decades and I’ve never opened them. Most of them can’t make their way into my inbox because the email service is good at blocking them but some of them actually succeeded. And let me tell you, they are getting smarter. They started to construct these emails like it was coming from a friend.

One of these days as I get older and dumber I might click on that filth wondering what it has to tell me. 8)

Could happen to any of us.

We are only as good as our last win.

is everybody really taking the piss? Another boat accident.

---

what are the reasons you think he's not using segwit but is a segwit activist at the same time?

Yeah a boating accident where the FBI is involved and asking people's data. Do you have any idea what would happen to Luke if the Feds notice he was lying? (that's if he was lying which I doubt) He won't be seeing any day light for a long time probably.

People already mentioned that shit a year ago.

This is not a prank on a bitcoin forum, that's real life. When you lie to the authorities there will be serious consequences. Is there anyone who lied to the FBI and still got away in history? Sure. the question would be, is it worth it?

The amount mentioned in the OP was $3m at that time (216 btc, $15m now), is it worth going to prison to save $5m tax monney?

Would ya? Would yaaa?

---

Also don't do post bursting (post one after another without someone else says something first), that's against the forum rules.

Thank you for the tips on the post bursting. Well, FBI will investigate this case if you don't let them? He could tell the public he lost funds and not turn to FBI? Who said he has?

segwit was a rushjob to activate, sponsors had deadlines that devs had to be met, even Luke got a pay day for getting it activated before november 2017 corporate contract deadline, even if he didnt personally want it/use/trust it/ care about it as a utility.. money makes people do stupid things

---

as for LukeJr's/FBI stuff
seems this latest update assumes Luke JR compromised his keys/computer at that CoreDev Atlanta event

if he cant even remember how many people touched his device holding alot of coins(or access to remote server holding coin).. he should not have had that much coin on a device(or server with access via device) that so many people could touch

hindsight and all.. people should learn from others mistakes..
dont travel with hoards of coin. just take what you need
dont allow people to finger your devices, wallets or your pockets if you dont even know their names

Wow.
I didn't expect him to resort to FBI.
Yeah, this pretty much rules out the “boating accident theory”, as it ever was a true scenario here. Seems like a dumb strategy for an OG like Luke.
Or maybe he’s playing three-dimensional chess with the FEDS here, relying on very sophisticated obfuscating technologies here, to save the proverbial 5 million dollars.

What was stolen ?

btc as in bitcoin core ?

or some other kind of bitcoin:

as in:
bsv ? cw etc

I mean, FBI's still trying to be the good guys even though they're a part of an evil organization which is the US government and they can't really do anything about this because they need to deal with it as this is a crime and no way that you'd want to be dismissing this because I'm sure that Luke would escalate this by saying that the FBI is impartial and doesn't treat everyone equally. It's such a scary thing to me when this happens to people that are prominent in tech and are really good with technology, even if you're so good and vigilant with your security, it's funny how you can still be a victim of this kind of attacks, and it always makes me paranoid that if they can get attacked then I would be no match no matter how cautious I'll be with my security.

Bitcoins my friend, I don't think you can steal the bitcoin core.

It's interesting update and I only see it today.

Playing around many governmental authorities is not smart and I doubt that Luke planed to do this with this accident theory. He puts himself under investigation from authorities and if he lied, he will be in jail. It is real risk even I am not a lawyer and not live in the USA.

I didn't expect Luke to do that with FBI too. Three-dimensional chess with FBI, FED and more authorities look to be too much risky for Luke. If he initiates the three-dimensional chess, it's unbelievable.

Save tax? Unrealistic. In jail? More realistic.

I very much think that this will certainly be a normal reaction for anyone who has millions of his own property stolen from him. No can laugh at him or criticize him for calling the FBI. I assume that he is a tax payer, it is his right. Also for this case, Luke will never trick the FBI. He will certainly be caught and sent to prison. The guards might also think he is Sam Bankman Fried's lost twin hehehee.

https://i.ibb.co/zSXdndQ/B3-D8-FF5-F-23-F1-4683-8-FA0-FD449-EBA077-A.jpg

Sam Bankman or...

https://www.talkimg.com/images/2024/04/13/jGaoT.png

Sorry I had to do this.

---

I've found fillippone's reaction a bit weird too. What's wrong with calling the FBI? Isn't it their job to catch the criminals? Do we automatically convert to criminals when we use Bitcoin?  8) Our protector and savior the government save us from these bad people!

back in the days of the hack. many thought Ljr was doing a tax dodge by saying he lost funds to claim a tax loss rather then gains(some call these government seizure requests of things like someones guns/assets/taxes, as having a 'boating accident' where their registered guns/boat/taxes was lost to the sea)..
to avoid government seizure
so when resorting to asking FBI to find the hacker/funds, seems more like a real theft as oppose to a 'boating accident' tax seizure dodge

also many 'privacy guys' think bitcoin is all about trying to keep government agencies away from themselves and bitcoin

Have they managed to trace the stolen 216 BTC?

I would expect chain analysis to be involved in such a theft...

So was he not even using a passphrase? I'm assuming he wasn't using a multisig setup.

Hard to believe someone with his level of knowledge wasn't using something as simple as a passphrase. With the large amount of funds involved
and his advanced technical expertise he should have been using a multisig setup but if not then the next best thing would be a passphrase aka hidden wallet.

If Dashjr was using a passphrase there would be little chance anyone could get access to his bitcoin, even if they had his seedphrase.
The other possibility is that he was using a passphrase but stored it in the same location as his seedphrase, but that would totally defeat the purpose of a passphrase.

Your passphrase should be stored only in your head IMO.

by all accounts and use of common sense to stitch the stories/revelations together

he did not use seeds, he did not use passphrase.
he had funds on LEGACY private key(which pre-dates seeds) on a hotwallet accessible via a server, which was accessible via a device which he carried with him to a conference/meetup which he must have allowed strangers/multiple people access or exposure to

passphrases, seeds, private keys are only secure if they are cold stored(airgapped/physically not on a device)... and not in a active wallet of an open node thats is remotely accessible/stranger accessible

it doesnt matter in this case if its a passphrase, seed, private key if key(of any format) is in a node is operating as a hotwallet

eg a desktop login password is only as good as the human ensuring they log out when they step away from their desk

Why the fuck would you want to save an extra 5 million dollars in taxes if you had the chance to get most of your money, literally millions more, back? This isn't "All or Nothing".

There is no seedphrase. Bitcoin core doesn't have seedphrase.

Are you trying to create a controversy hehehehe? In any case, @fillippone's reaction is normal. I was talking about the people who were criticizing Luke loudly on social media. I reckon as a tax payer, any person should make his tax dollars work for him by asking for assistance from the government. In reality, the government should be there to assist anyone who needs this. This is a right of every citizen.  


If the FBI officer in charge on this case was a cryptocoin user, he might be shaking his head very vigorously in shock and this would appear to vibrate from all of the shaking.

https://i.ibb.co/gjP3TMg/7830-CEAA-8231-49-BC-9951-95083-B788956.jpg

Was there any rationale for Dashjr to be storing such a massive quantity of bitcoins in a hot wallet?

I had to look up bitcoin core wallet to get an idea how they work. The consensus on reddit seems to be they should not be used for long term storage or any large amounts of bitcoin.
They appear to be like any other hot wallet in terms of their level of security that is connected to the internet and should be treated like any other hot wallet--for temporary use and
only for smaller amounts, not long term storage of your life savings. What was he was thinking?

He wasn't using just any hot wallet but a legacy hot wallet to boot, which makes it even worse, as legacy software of any kind is usually less secure than more recent versions. Crazy!

actually legacy is stronger and more battle tested compared to more recent formats
satoshi in 2009 signed funds to hal feeney and done other signed events from the same address (half a dozen) and yet there is no no legacy data/validation/authorisation leakage which has been used for people to steal the fund that still are associated with that legacy address decades later
(many have tried bruting it)

newer formats have opcode additions that ignore checking for signatures(a flaw that has been exploited for other purposes), and also ways to replace transactions
which are weaknesses that have been exploited

also in regards to hot wallets
the amount in hotwallet is subjective. for instance although binance hoards 600k coin it has alot more then 100 coin as its hotwallet, they understand the risks of public access risk of way more then 100 coin, so they only put so much in hotwallet and have used their trade fee's to form a 'insurance' if said hotwallet was hacked(safu)

its recommended is to not risk more then you wish to lose and to take security precautions to mitigate risks* but thats general advice. its not to suggest having X on legacy in hot is more flawed technically compared to someone using 0.x or 10,000x
the amount does not weaken technical security.
*risks is more about personal loss emotional stress mitigation should X funds be lost

its more common sense
EG a leather wallet in your pocket containing fiat has the same security.
however you are more then likely to have funds stolen if you waved it around inview of strangers and/or then allowed strangers to put their hand in your pocket

point being if you put bank notes in a leather wallet and then had it open and accessible to the public. thats the risk.. not that the wallet itself is the risk

again common sense no one should wave their leather wallet around and let strangers have access to it, that was Ljr's failure

What do you mean by that?

His personal wallet was some kind of... faucet? :o

i mean from what is said from the latest update. he wants the FBI to investigate attendee's to the conference which he does not know everyone there.. so common sense he attended somewhere with strangers, where (is common sense suggested that) it was there where he had strangers somehow have access to his server to steal his keys or put exploit/trojan on server

it has nothing to do with faucets..
faucets have nothing to do with random people having access to keys, node.
a faucet is where the coin owner willingly donates out portions of his coin to random people that ask for donations