franky1
Legendary
Offline
Activity: 4368
Merit: 4740
|
|
January 02, 2023, 06:30:40 AM Merited by JayJuanGee (1) |
|
speculated scenarios based on limited stuff said:
"email notifications from kraken/coinbase" maybe the hacker got to the coins he had on an exchange
or
he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice)) and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"
both seem more plauible than a burglar entering his house.. again she would notice and not be questioning the how if his house was compromised
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
Wind_FURY
Legendary
Offline
Activity: 3066
Merit: 1916
|
|
January 02, 2023, 09:55:09 AM Merited by JayJuanGee (1) |
|
That's a coordinated/targeted-attack, and probably his way of securing the keys were not very good enough. I believe we should learn from this, and start using different paths/strategies to secure our keys. If you have your whole savings in Bitcoin it's probably better to use different wallets and secure them differently to confuse the attacker. Use - Hardware Wallets, Encrypted Wallets, and other wallets written down and secured through lock/key vaults.
|
| .SHUFFLE.COM.. | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ ███████████████████████ | . ...Next Generation Crypto Casino... |
|
|
|
ABCbits
Legendary
Offline
Activity: 3024
Merit: 7910
Crypto Swap Exchange
|
|
January 02, 2023, 10:06:18 AM Merited by vapourminer (2) |
|
--snip--
How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong? It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware. Maybe some quantum computer hacked his private key but why only go for 200btc when you could go for multiplies higher.
This is my biggest fear and the worst hypothesis for this case. Hackers having technology at their disposal to break the security of blockchain. The consequences of this would be much more impactful and harmful than a single person losing 200 BTC. It could be the end of bitcoin in this case, as no one would be safe anymore. It is said by 2030 quantum computers would be able to break encryption protocols, including of bitcoin. 1. It won't be end of Bitcoin if Bitcoin switch to quantum-resistant cryptography. 2. Bitcoin don't use encryption protocol, but digital signature and hash cryptography.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3808
Merit: 6529
Looking for campaign manager? Contact icopress!
|
|
January 02, 2023, 10:20:24 AM Merited by JayJuanGee (1) |
|
For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware.
Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm... While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account.
|
|
|
|
digaran
Copper Member
Hero Member
Offline
Activity: 1330
Merit: 899
🖤😏
|
|
January 02, 2023, 10:36:22 AM |
|
Well, that's just great, new year starting with this story for bitcoin, mixers are always involved in theft related to btc, they are going to mix and get away with it. Feeling sad for the guy.
|
🖤😏
|
|
|
MiliMil
|
|
January 02, 2023, 10:37:59 AM Merited by vapourminer (1) |
|
--snip--
How can a cold wallet be compromised? I thought the only way would be for the perpetrator to physically steal the cold wallet. Am I wrong? It depends on his cold wallet setup/usage. For example, using USB storage to transfer unsigned and signed transaction could be exploited by specifically designed malware. What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security. Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3808
Merit: 6529
Looking for campaign manager? Contact icopress!
|
|
January 02, 2023, 10:47:25 AM Merited by vapourminer (1) |
|
What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security. Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
Get a hardware wallet. Or a SeedSigner device. ...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images. If you're adding a secondary cold storage: * you're doing it wrong * you've misunderstood something and need to read more However, this is off topic, if you have more questions please make a new topic with them.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3388
Merit: 6093
Crypto Swap Exchange🈺
|
|
January 02, 2023, 10:49:19 AM |
|
Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...
To me, this story is incredible, that a man who should understand all the risks and secure his funds better than most is hacked in this way? If by any chance it was an online/hot wallet, everything would still make sense, but a cold wallet should be immune to all online attacks, even though @ETFbitcoin mentions a possible way to compromise such storage. It would be nice if everything was actually a consequence of Twitter's still poor security and that someone was playing a little with hacked profiles...
|
|
|
|
dkbit98
Legendary
Offline
Activity: 2380
Merit: 7470
|
|
January 02, 2023, 11:11:20 AM |
|
What would be the safest and most secure setup for a cold wallet? I am now unsure how to transfer from cold wallet to an online address without compromising security. Would it be possible to transfer BTC from cold wallet to another cold wallet and then send from that secondary cold wallet to an online address? That way my original cold wallet isn't connecting to the internet or being directly exposed?
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup. I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200. Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack. That is good. CZ from Binance has already replied to his tweet:
This is not good at all. We don't want Binance freezing coins all the time, and we already know that CZ would love to control Bitcoin blockchain and reverse transactions whenever he wants.
|
|
|
|
MiliMil
|
|
January 02, 2023, 11:24:32 AM |
|
Get a hardware wallet. Or a SeedSigner device. ...Or set up both your cold storage and companion watch only hot wallet with Electrum on laptops with cameras, hence allowing you transfer those transactions (unsigned and signed) as QR code images.
If you're adding a secondary cold storage: * you're doing it wrong * you've misunderstood something and need to read more
However, this is off topic, if you have more questions please make a new topic with them.
The QR code idea is genius. No need to be connected to the internet and therefore much more secure. I'll be binge reading a lot of articles and information in the next few days. Thanks.
|
|
|
|
BitcoinPanther
|
He should track and contact the exchanges asking them to freeze the funds incase the hacker tries to deposit in any of the top ones to convert the coins into stables.
That is good. CZ from Binance has already replied to his tweet:
Anyway, if it were a prank, why would anyone hack his Twitter account, and post a BTC address containing 200+ BTC received recently with no transactions ever sent? Speaking of CZ now this incident support his claim about self-custody being more risky. The follow up article after the initial report on the hack talks about the reaction of the community with regards to the incident of hacking. And now the reaction is negative because the issue of self-custody is being highlighted and many worry that even the core developer who should be knowledgeable on security has been hacked, what more their grandma's wallet. Other community members echoed the sentiment and highlighted that if it could happen to Dashjr, there would be “no nope” for their grandma. A Twitter user also brought mass adoption to the conversation. They believe that if a top Bitcoin developer cannot keep his wallet secure, mass adoption is a “pipe dream.” Other assumption thinks that the incident of is just a boating incident to avoid paying taxes[1]. Meanwhile, a few others appear to suggest it may not have been a hack at all, suggesting that someone had stumbled across the seed phrase somehow, or it was part of an unfortunate “boating accident” ahead of tax season.
A boating accident in this context is in reference to a running joke and meme originally used by gun enthusiasts, but since repurposed by the crypto community about people trying to avoid paying taxes by claiming they lost all their BTC in a “tragic boating accident.
[1] https://cointelegraph.com/news/bitcoin-core-developer-claims-to-have-lost-200-btc-in-hack
|
|
|
|
MiliMil
|
|
January 02, 2023, 11:34:27 AM Merited by JayJuanGee (1) |
|
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup. I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200. Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
Thanks for the tip. Will definitely look into it. Let's assume Luke is being truthful and did get hacked. How hard is it going to be for the hacker to turn those BTC into cash? I saw a tweet where CZ said if they are moved to Binance they will be frozen. I'm assuming other major crypto reserves will do the same since an online footprint has been left behind?
|
|
|
|
NotATether
Legendary
Offline
Activity: 1750
Merit: 7306
In memory of o_e_l_e_o
|
|
January 02, 2023, 12:43:28 PM |
|
You should be just fine if you keep Bitcoin in hardware wallet (Trezor, Passport, Bitbox, Keystone...) and keep seed phrase in secure way offline, but best protection is certainly using multisig setup. I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200. Using dedicated computer for anything related with Bitcoin is also good, but I think Luke was targeted for some time and they just waited for the right moment to attack.
Thanks for the tip. Will definitely look into it. Let's assume Luke is being truthful and did get hacked. How hard is it going to be for the hacker to turn those BTC into cash? I saw a tweet where CZ said if they are moved to Binance they will be frozen. I'm assuming other major crypto reserves will do the same since an online footprint has been left behind? Considering this is a Bitcoin developer we are dealing with, they are going to take this matter very seriously. It's not like he's going to get stonewalled by endless layers of customer support bots & human reps like us ordinary plebs do...
I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.
|
|
|
|
MiliMil
|
|
January 02, 2023, 12:58:15 PM |
|
Considering this is a Bitcoin developer we are dealing with, they are going to take this matter very seriously. It's not like he's going to get stonewalled by endless layers of customer support bots & human reps like us ordinary plebs do...
I admit that I haven't fully grokked all the details about this so I'll be investigating more about this event.
lol you are right though, the only reason Luke is getting so much assistance and help (which I am happy about) is because he is a high profile individual. I've seen countless threads online where similar things have happened albeit with much less BTC and it is not taken seriously.
|
|
|
|
fillippone
Legendary
Online
Activity: 2310
Merit: 16479
Fully fledged Merit Cycler - Golden Feather 22-23
|
|
January 02, 2023, 01:08:21 PM |
|
Well this is a bad story.
200 BTC are huge money for most of us, but Luke Himself said it' a "large" part, not "all" of his Bitcoins.
Two consequences: 1.A lot of bad FUD will come out of this story. "if even an OG bitcoin- core developer" cannot take his Bitcoin safe, who on Earth will be able to do so?" 2.Many of us will review practices to become more responsible managing satoshi. A long overdue review of all the processes involving UTXO manipulation will be carried out by most of us, following this new. And this is a good thing.
|
|
|
|
2double0
Legendary
Offline
Activity: 2618
Merit: 1105
|
|
January 02, 2023, 01:19:31 PM |
|
A question arose on the point of security and how secure can we keep our keys and Bitcoins safe, if it's not even safe at our home. If a core dev like Luke can lose his btc stored since a long time, then anybody here will panic and will try to find the best possible way to store their coins so not to become a victim of such a consequence.
I'm feeling extremely sad on Luke's part but as we have never held 200 btc (most of us) till date, I don't think we are capable of knowing how he must be thinking atm.
|
|
|
|
franky1
Legendary
Offline
Activity: 4368
Merit: 4740
|
|
January 02, 2023, 01:32:45 PM |
|
I am surprised that Luke didn't use Multisig, that is must have for anyone that is dealing with larger amount of Bitcoin, like in his case with over 200.
like myself. i have hoards from earlier years. that have not been moved. so due to lack of multisig in early years it wouldnt have been put on multisig when first received. and (even i havnt) bothered to move coins from old stash if using multisig when its just you using all the keys. multisig ais a little pointles because you have to bring the keys together into one computer to compute address and also to make spends. thus pointless using becasue the keys would be just as compromised multisog is only useful for multiple parties to sign separately in separate locations and then only need to append signature to a raw tx ... coins were not on a hardware wallet. as that also requires moving coins from old addresses he said he had alot of old legacy keypairs, some on a hot wallet and some backed up in physical form(paper wallet, usb stick) stored in a physical house-safe he said he doesnt have a hardware wallet or airgapped pc.
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
fillippone
Legendary
Online
Activity: 2310
Merit: 16479
Fully fledged Merit Cycler - Golden Feather 22-23
|
|
January 02, 2023, 01:48:32 PM |
|
like myself. i have hoards from earlier years. that have not been moved. so due to lack of multisig in early years it wouldnt have been put on multisig when first received. and (even i havnt) bothered to move coins from old stash
As I said, this story will have te positive fallout of making us reconsider why we "didn't bother" to do something. Not stating that multisig is the right choice, but the "didn't bother to..." is the wrong one. Every action, or every non action, means there is a need of an assessment of risks.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3388
Merit: 6093
Crypto Swap Exchange🈺
|
|
January 02, 2023, 02:11:28 PM Merited by vapourminer (2) |
|
A question arose on the point of security and how secure can we keep our keys and Bitcoins safe, if it's not even safe at our home. If a core dev like Luke can lose his btc stored since a long time, then anybody here will panic and will try to find the best possible way to store their coins so not to become a victim of such a consequence.
I don't understand why anyone would panic and feel insecure at this moment, because no one hacked Bitcoin, but one man obviously made a wrong step somewhere and now he paid the price for it. The fact is that such a thing shouldn't have happened to a person like him, but it shouldn't have happened to the computer scientist whose HDD ended up in the trash, or to the engineer who forgot the device password and now only has a few attempts before the device resets. People have always been and will remain the weakest link in any setup, no matter how secure it may seem at some point.
|
|
|
|
fillippone
Legendary
Online
Activity: 2310
Merit: 16479
Fully fledged Merit Cycler - Golden Feather 22-23
|
|
January 02, 2023, 02:13:14 PM Merited by JayJuanGee (1) |
|
The transaction weren't conjoined. If there were a conjoin he wouldn't possibly be traced to a final address. He might mean that PART of the input in those transactions are his original UTXO? 1YAR.. is not an address under his control, so the heuristic claiming all the funds are from this hack has to be proven. For sure, he is not adding clarity to this story.
|
|
|
|
|