Bitcoin developer @lukedashjr's wallet was hacked

[Jason Brendon]

If Dashjr was using a passphrase there would be little chance anyone could get access to his bitcoin, even if they had his seedphrase.
Your passphrase should be stored only in your head IMO.

There is no seedphrase. Bitcoin core doesn't have seedphrase.

[1714851842]

1714851842

[1714851842]

1714851842

[bbc.reporter]

The guards might also think he is Sam Bankman Fried's lost twin hehehee.

Sam Bankman or...



Sorry I had to do this.

Wow.
I didn't expect him to resort to FBI.
Yeah, this pretty much rules out the “boating accident theory, as it ever was a true scenario here. Seems like a dumb strategy for an OG like Luke.
Or maybe he’s playing three-dimensional chess with the FEDS here, relying on very sophisticated obfuscating technologies here, to save the proverbial 5 million dollars.

I very much think that this will certainly be a normal reaction for anyone who has millions of his own property stolen from him. No can laugh at him or criticize him for calling the FBI.

I've found fillippone's reaction a bit weird too. What's wrong with calling the FBI? Isn't it their job to catch the criminals? Do we automatically convert to criminals when we use Bitcoin?   Our protector and savior the government save us from these bad people!

Are you trying to create a controversy hehehehe? In any case, @fillippone's reaction is normal. I was talking about the people who were criticizing Luke loudly on social media. I reckon as a tax payer, any person should make his tax dollars work for him by asking for assistance from the government. In reality, the government should be there to assist anyone who needs this. This is a right of every citizen.  

So was he not even using a passphrase? I'm assuming he wasn't using a multisig setup.

Hard to believe someone with his level of knowledge wasn't using something as simple as a passphrase. With the large amount of funds involved
and his advanced technical expertise he should have been using a multisig setup but if not then the next best thing would be a passphrase aka hidden wallet.

If Dashjr was using a passphrase there would be little chance anyone could get access to his bitcoin, even if they had his seedphrase.
The other possibility is that he was using a passphrase but stored it in the same location as his seedphrase, but that would totally defeat the purpose of a passphrase.

Your passphrase should be stored only in your head IMO.

by all accounts and use of common sense to stitch the stories/revelations together

he did not use seeds, he did not use passphrase.
he had funds on LEGACY private key(which pre-dates seeds) on a hotwallet accessible via a server, which was accessible via a device which he carried with him to a conference/meetup which he must have allowed strangers/multiple people access or exposure to

If the FBI officer in charge on this case was a cryptocoin user, he might be shaking his head very vigorously in shock and this would appear to vibrate from all of the shaking.

[headingnorth]

So was he not even using a passphrase? I'm assuming he wasn't using a multisig setup.

Hard to believe someone with his level of knowledge wasn't using something as simple as a passphrase. With the large amount of funds involved
and his advanced technical expertise he should have been using a multisig setup but if not then the next best thing would be a passphrase aka hidden wallet.

If Dashjr was using a passphrase there would be little chance anyone could get access to his bitcoin, even if they had his seedphrase.
The other possibility is that he was using a passphrase but stored it in the same location as his seedphrase, but that would totally defeat the purpose of a passphrase.

Your passphrase should be stored only in your head IMO.

by all accounts and use of common sense to stitch the stories/revelations together

he did not use seeds, he did not use passphrase.
he had funds on LEGACY private key(which pre-dates seeds) on a hotwallet accessible via a server, which was accessible via a device which he carried with him to a conference/meetup which he must have allowed strangers/multiple people access or exposure to

passphrases, seeds, private keys are only secure if they are cold stored(airgapped/physically not on a device)... and not in a active wallet of an open node thats is remotely accessible/stranger accessible

it doesnt matter in this case if its a passphrase, seed, private key if key(of any format) is in a node is operating as a hotwallet

eg a desktop login password is only as good as the human ensuring they log out when they step away from their desk

If Dashjr was using a passphrase there would be little chance anyone could get access to his bitcoin, even if they had his seedphrase.
Your passphrase should be stored only in your head IMO.

There is no seedphrase. Bitcoin core doesn't have seedphrase.

Was there any rationale for Dashjr to be storing such a massive quantity of bitcoins in a hot wallet?

I had to look up bitcoin core wallet to get an idea how they work. The consensus on reddit seems to be they should not be used for long term storage or any large amounts of bitcoin.
They appear to be like any other hot wallet in terms of their level of security that is connected to the internet and should be treated like any other hot wallet--for temporary use and
only for smaller amounts, not long term storage of your life savings. What was he was thinking?

He wasn't using just any hot wallet but a legacy hot wallet to boot, which makes it even worse, as legacy software of any kind is usually less secure than more recent versions. Crazy!

[franky1]

actually legacy is stronger and more battle tested compared to more recent formats
satoshi in 2009 signed funds to hal feeney and done other signed events from the same address (half a dozen) and yet there is no no legacy data/validation/authorisation leakage which has been used for people to steal the fund that still are associated with that legacy address decades later
(many have tried bruting it)

newer formats have opcode additions that ignore checking for signatures(a flaw that has been exploited for other purposes), and also ways to replace transactions
which are weaknesses that have been exploited

also in regards to hot wallets
the amount in hotwallet is subjective. for instance although binance hoards 600k coin it has alot more then 100 coin as its hotwallet, they understand the risks of public access risk of way more then 100 coin, so they only put so much in hotwallet and have used their trade fee's to form a 'insurance' if said hotwallet was hacked(safu)

its recommended is to not risk more then you wish to lose and to take security precautions to mitigate risks* but thats general advice. its not to suggest having X on legacy in hot is more flawed technically compared to someone using 0.x or 10,000x
the amount does not weaken technical security.
*risks is more about personal loss emotional stress mitigation should X funds be lost

its more common sense
EG a leather wallet in your pocket containing fiat has the same security.
however you are more then likely to have funds stolen if you waved it around inview of strangers and/or then allowed strangers to put their hand in your pocket

point being if you put bank notes in a leather wallet and then had it open and accessible to the public. thats the risk.. not that the wallet itself is the risk

again common sense no one should wave their leather wallet around and let strangers have access to it, that was Ljr's failure

[cryptosize]

again common sense no one should wave their leather wallet around and let strangers have access to it, that was Ljr's failure

What do you mean by that?

His personal wallet was some kind of... faucet?

[franky1]

again common sense no one should wave their leather wallet around and let strangers have access to it, that was Ljr's failure

What do you mean by that?

His personal wallet was some kind of... faucet?

i mean from what is said from the latest update. he wants the FBI to investigate attendee's to the conference which he does not know everyone there.. so common sense he attended somewhere with strangers, where (is common sense suggested that) it was there where he had strangers somehow have access to his server to steal his keys or put exploit/trojan on server

it has nothing to do with faucets..
faucets have nothing to do with random people having access to keys, node.
a faucet is where the coin owner willingly donates out portions of his coin to random people that ask for donations