Bitcoin developer @lukedashjr's wallet was hacked

[bitmover]

Two consequences:
1.A  lot of bad FUD will come out of this story. "if even an OG bitcoin- core developer" cannot take his Bitcoin safe, who on Earth will be able to do so?"
2.Many of us will review practices to become more responsible managing satoshi. A long overdue review of all the processes involving UTXO manipulation will be carried out by most of us, following this new. And this is a good thing.

I have been thinking about the consequences as well, but I think this is all FUD.

This is probably Luke's fault. He is human. He knows a lot, and probably trusted more than he should in his skills.

Did he had all those 3 million USD in the same wallet? Why didn't he put in at least 5 different wallets?
Was he betrayed by someone close to him?

The main problem imo is that this is good for CZ and Binance.

Recently CZ was saying that "99% of people today holding crypto themselves will end up lose it"

Fonte: https://twitter.com/BTC_Archive/status/1603413440948834305

So, a few days later, a Bitcoin Core dev just lose it. In my local board there are already people saying that people should keep their funds in exchanges because it might be safer. Well, it is not!

This is an isolated case, and bitcoin is not at risk, and people should still be using hardware wallets to protect their money (IMO)

[1714002549]

1714002549

[1714002549]

1714002549

[1714002549]

1714002549

[suzanne5223]

I read some of Luke Dash jr tweets relating to the comprised wallet and he said " If you're using a very old #Bitcoin Knots, it might expire today. Don't upgrade it. Instead, add to your bitcoin.conf file:softwareexpiry=0 or just wait to upgrade and use it until the dust settles."
I have no tech knowledge about Bitcoin core development but could this be that his wallet comprised attack all started from a dust attack?

This is why I always advise people to always use privacy services when moving cryptocurrency to their holding wallets. For the record doing this through Crypton Exchange only cost a few cents and the withdrawal are instant with no daily limit.

[Emitdama]

I think it's better to rely on a good and old notebook than on any digital devices...

Notebooks can be damaged easily by natural calamities so there is still a danger on storing our keys there but a good one would be to embed them on some stainless metal. Hardware wallets is good too but we should only use the popular brands only to be sure that they are safe.

That's a coordinated/targeted-attack, and probably his way of securing the keys were not very good enough. I believe we should learn from this, and start using different paths/strategies to secure our keys. If you have your whole savings in Bitcoin it's probably better to use different wallets and secure them differently to confuse the attacker. Use - Hardware Wallets, Encrypted Wallets, and other wallets written down and secured through lock/key vaults.

It is said that it was a bitcoin developer so it's somehow surprising if he didn't store his coins properly but we can't also underestimate the hackers. This news wasn't alone though but there are even exchanges who got hacked and we know that exchanges do also have a better security because they hold a lot of cryptos. The amount lost by the guy isn't small so will definitely learn from this and use a different approach to secure his coins.

[MysteryMiner]

Am I only one who find this amusing? Remember, Luke Dash-Junior is the fukker responsible for 51% attack against CoiledCoin by abusing mining pool power controlled by him.

Also, still nobody managed to hack me and steam my coins. And I am confident that nobody will be able. I am better in computer security than Luke.

[dezoel]

It's definitely a sign that none of the cryptos at just a singular place is safe, no matter if it is in your ledger or on your pc or anything else. Singular place is always terrible.

Many people claim that "not your keys not your coins" because of exchange hackings, but at the same time if you end up putting it on binance, do you really think that binance will be hacked so big that they will fail to pay the customers? They have so much money that you could empty all of their hot wallets today, and their cold wallets would still cover everyone's funds. That is why I highly believe that they are going to be the best case if you want to safely secure your coins.

[MysteryMiner]

It's definitely a sign that none of the cryptos at just a singular place is safe, no matter if it is in your ledger or on your pc or anything else. Singular place is always terrible.

Many people claim that "not your keys not your coins" because of exchange hackings, but at the same time if you end up putting it on binance, do you really think that binance will be hacked so big that they will fail to pay the customers? They have so much money that you could empty all of their hot wallets today, and their cold wallets would still cover everyone's funds. That is why I highly believe that they are going to be the best case if you want to safely secure your coins.

You could just send your coins to me for safekeeping. I also will not bend to LEA if ordered to freeze your coins. Single place is OK as long as it is only Your control and nobody else.

[fillippone]

This is probably Luke's fault. He is human. He knows a lot, and probably trusted more than he should in his skills.

Complacency. This is the root cause of all this.
Thinking you are safe, make you do stupid things.
For example not moving your coins when you had the proof of a successful attack to your servers.

Did he had all those 3 million USD in the same wallet? Why didn't he put in at least 5 different wallets?

Those aver very old UTXO from a time when there were no such things as "wallets" , or proper HD ones. 

In the  compromised wallet.dat (now I get the irony of your question), there were UTXO with unrelated private keys, if this is what you are asking for.

[bbc.reporter]

For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.

Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...

While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account.

Do not attack me for this, however for the skeptical me, another argument mentioned in Luke's thread that made sense was it was done to make everything appear like a hack so Luke can use it to write off taxes. Before you shake your heads on me, I am only saying it makes sense, I am not accusing him. I know Luke is a religious and a God fearing person who will never do something shameful only to avoid paying taxes. If this was Justin Sun it would be different hehehehe.

[MysteryMiner]

For example, using USB storage to transfer unsigned and signed transaction could  be exploited by specifically designed malware.

Everything looks more than sloppy for a Bitcoin Developer. Surreal. Hot wallet is possible, but a dev's cold wallet... hmm...

While Peter Todd has confirmed the story, also on Twitter, I find it incredible and I still tend to think that's higher chance both Twitter accounts (Luke-Jr and Peter Todd) are compromised than all this story (including Luke calling on Twitter for FBI, come on...). Even more, no sign of this story on his Mastodon/BitcoinHackers account.

Do not attack me for this, however for the skeptical me, another argument mentioned in Luke's thread that made sense was it was done to make everything appear like a hack so Luke can use it to write off taxes. Before you shake your heads on me, I am only saying it makes sense, I am not accusing him. I know Luke is a religious and a God fearing person who will never do something shameful only to avoid paying taxes. If this was Justin Sun it would be different hehehehe.

God ordered to hide his taxes from heathen government. Also God commanded him to hack CoiledCoin as well as smear blockchain with religious ramblings.

Being religious does not make person or his action good. Crusaders are perfect example from history.

[franky1]

ever since november Luke has been saying periodically how his server is being bombarded by hack attempts .. not just the PGP key compromise of november 17th but even a few times in december and on christmas day he was getting attacked.. and then on new years realising his coins had gone.

i beleive he probably backed up his server to a home PC(incase of ddos taking server down/needing to switch servers) where there was probably a virus on the server. he was also looking into a new server service so was most definitely ready to copy data from server A to a server B if he found one.. which also points to me thinking he backed up his serve at a home PC(bringing a virus along with it)

.. reading through tweens again.. and the story fits

november

PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
1:01 pm · 17 Nov 2022

Confirmed presence of new malware/backdoors on the system, no evidence yet that it was used for anything, but be extra extra careful.

Further investigation is suggesting this is not a bog standard trojan, but something created specifically for compromising my server.😓

december

PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
1:01 pm · 17 Nov 2022

PSA: Sigh. Someone did this again tonight, about 2 hours ago. #Bitcoin

Calling out
@ColoCrossing
 for (AFAIK) dropping the ball on abuse investigation last time.

Also going to call out my server provider for dropping the ball on an internal audit, but I need a replacement first.

So... Any trustworthy companies offering affordable dedicated servers?

Currently paying $55/mo for:
- 4-core SMT2 CPU
- 2 TB storage (really need to upgrade this too)
- 24 GB RAM
- Unmetered networking
- 28 IPv4 addresses across 3 subnets (only need 1 + separate lone IP)

[Hispo]

-snip-

Thanks for bringing this information, it is actually a good theory but for now I am personally interested in the fact some sources are mentioning cold wallets/addresses were involved in this theft.
Has he given any other statement about any of that? Because I am not even know how that is possible without him accidentally compromising his keys.

At first, I thought this was a Twitter hack, but now it does not seem like it...

[franky1]

-snip-

Thanks for bringing this information, it is actually a good theory but for now I am personally interested in the fact some sources are mentioning cold wallets/addresses were involved in this theft.
Has he given any other statement about any of that? Because I am not even know how that is possible without him accidentally compromising his keys.

At first, I thought this was a Twitter hack, but now it does not seem like it...

OG people call hot wallets a wallet that is active on a server where the public have access to it..(exchanges and service providers)
a cold wallet is one thats independent and less accessible(such as home PC that may/may not go online..)

EG
your home full node is deemed a cold wallet
compared to CEX deposit&withdrawal nodes/bitnodes.com/bitDNSseed nodes which are hot

offline wallets are deemed 'airgapped' / hardware wallets

[adaseb]

-snip-

Thanks for bringing this information, it is actually a good theory but for now I am personally interested in the fact some sources are mentioning cold wallets/addresses were involved in this theft.
Has he given any other statement about any of that? Because I am not even know how that is possible without him accidentally compromising his keys.

At first, I thought this was a Twitter hack, but now it does not seem like it...

OG people call hot wallets a wallet that is active on a server where the public have access to it..(exchanges and service providers)
a cold wallet is one thats independent and less accessible(such as home PC that may/may not go online..)

EG
your home full node is deemed a cold wallet
compared to CEX deposit&withdrawal nodes/bitnodes.com/bitDNSseed nodes which are hot

offline wallets are deemed 'airgapped' / hardware wallets

Never knew that. I assumed cold always mean hardware wallet and air gapped electrum setup. Didn’t expect it to mean it’s a hot wallet on its own node which you are hosting.

Because that’s obviously not safe since there could always be some exploit, even on an secure Linux system and the thief will have access to your wallet.dat file essentially.

He said that he never trusted hardware wallets or perhaps even wallets such as electrum you can run on cold storage. And I guess he figured he is better off using his online wallet for Bitcoin storage rather than a wallet created by a third party which is open source.

[Smartprofit]

This is truly an unprecedented event!  From such an experienced developer in the field of blockchain, hackers managed to steal a large sum of money in Bitcoins....

At the same time, Bitcoin Core developers themselves give recommendations on the safe storage of the first cryptocurrency on their website.  Most Bitcoin users are guided by these recommendations when choosing one or another wallet to store their coins. 

In my opinion, this means acknowledging the fact that there is no completely secure way to store Bitcoins.  It is necessary to use all available methods to minimize the existing risks of losing cryptocurrency.

[LoyceV]

The main problem imo is that this is good for CZ and Binance.

All the more reason not to believe anything he says.

In my local board there are already people saying that people should keep their funds in exchanges because it might be safer. Well, it is not!

None of that makes sense. Many exchanges have disappeared with their users' money, and indeed, some people lose their Bitcoins on their own. But let's compare the ratio: there are much more Bitcoins in self-custody than in exchange wallets. Let's not forget that Binance can take a user's funds whenever they want.

Self-custody is difficult though, and I've never been 100% satisfied with the balance between "not losing access" and "someone else gaining access".

[digaran]

Should he be removed from bitcoin development team? It seems this could have a negative impact on bitcoin as a whole. Just my opinion.

[nullama]

~snip~
In my opinion, this means acknowledging the fact that there is no completely secure way to store Bitcoins.  It is necessary to use all available methods to minimize the existing risks of losing cryptocurrency.

Luke was using an old wallet(no seed). If he would have started today, he would have used an air-gapped device to generate a seed.

The specific setup he used is not the recommended as of 2023 really, although it was the best at the time.

Basically, if your private key is never ever exposed to the Internet in any way, then those Bitcoins are going to be as safe as they can be.

[DdmrDdmr]

The only way I can think of this happening is in a non-standard storage configuration:
- PGP key is used to encrypt multiple Bitcoin private keys

That’s part of the hypothesis I was toying with, but that we can discard apparently, as he sets the two, PGP and bitcoin theft, as unrelated losses (although likely tied to the same set of events):
https://twitter.com/LukeDashjr/status/1610088091968061442

I’m not sure if I’ve skipped part of his explanations somewhere, but I don’t believe we’ve yet seen how those bitcoins private keys were protected on his (not so) cold wallet:
https://twitter.com/LukeDashjr/status/1609864852104675333

It’s possible that, believing his storage solution to be never in contact with the internet, the private keys were not really encrypted there (?).

[franky1]

Luke was using an old wallet(no seed). If he would have started today, he would have used an air-gapped device to generate a seed.

The specific setup he used is not the recommended as of 2023 really, although it was the best at the time.

Basically, if your private key is never ever exposed to the Internet in any way, then those Bitcoins are going to be as safe as they can be.

ok so surprise to me. looking into it. i thought it was some old.. OLD stash of coins from an old.. OLD addresses (as it was said they were legacy and "seeds did not exist then")
and he was one of the biggest proponents of segwit.. yet in 2019-2022 was still using legacy.. (much like sipa stil does for donations)
(im not gonna go into the irony/hypocrisy of many debates about the whole ideational some devs had for segwit but not end up using it themselves.. ops just did)

however the coins that were lost were majority coins from a wallet that was shuffling and spending coins from 2019-september 2022..

so here is a short version of spends
there was a tx of 191btc UTXO in september 2022 to spend 20btc to give back change of 171btc
https://www.blockchain.com/explorer/transactions/btc/471c3bd4fc9cbaaa4dddd7f21acb070702723b2d03759066835c367d26667fd5

where the 171btc change, along with some other coins from other addresses then got raided at new years to send funds to a coinjoin(1YAR address)
https://www.blockchain.com/explorer/transactions/btc/432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930

(im not calling it a coinjoin, luke said the 1YAR address was a coinjoin)

so its now known he did expose keys to the internet in september 2022

..
as for the supposed 'coinjoin mixer' scenario luke hints.. strange thing is his raided coins went into the 1YAR address.. but have not moved out.

which does not sound like a mixer to me, usually mixers move coins out within 24-48 hours(max) of going in.. the dont stash/hoard coins for long

[NeuroticFish]

I tend to believe more and more it's a prank.

* The story is still only on Twitter and not on Mastodon, although it tells everywhere "Mastodon preferred"
* Stealing from the cold storage would be possible only if the user would be more than incredibly sloppy/uncautious.
* I don't think that somebody for so long in Bitcoin would ask for FBI help, and also would not do it on Twitter.
* Luke Dash Jr is (proudly!) asking for donations for his work; was he indeed owning 200 BTC ?!

I *know* that Peter Todd has confirmed the story, but the things still don't add up.

as for the supposed 'coinjoin mixer' scenario luke hints.. strange thing is his raided coins went into the 1YAR address.. but have not moved out.

Yes, that too; I've followed some of those transactions and it looks more a consolidation of funds than anything else.