Bitcoin Core developer Luke Dashjr was the victim of a hack that resulted in the theft of 216 bitcoins (BTC). The specialist himself told about the incident on his Twitter account.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
– @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
In his message, Luke Dashjr writes: “My PGP key has been compromised and at least a large portion of my bitcoins have been stolen. I don’t know how. Please help me.“PGP stands for Pretty Good Privacy, a privacy software that uses cryptography to protect information.
Later, in answers to his own message, he added that there was no longer “many“of bitcoins at risk, but that “almost all of them were taken“.
Nevermind many. It’s basically all gone
– @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
According to the information shared by Luke Dashjr, the hacker used the CoinJoin privacy method to move the stolen funds to another address. With this tool, it is possible to mix the inputs and outputs of thousands of transactions so that it becomes impossible to identify and track the participants in each transaction.
Why did you check the balance so late? All 4 transactions happened in 4 minutes yesterday
– 🟣 ClubhouseLee (@clubhouselee) January 1, 2023
A user has asked Luke Dashjr why he checked his balance so late, given that the transactions in question had taken place hours earlier. The developer replied that he had been ill for several days and had noticed the situation because of repeated warnings from Coinbase and Kraken about attempted logins on his accounts.
Based on the current bitcoin price, according to the price index, the amount stolen from the Bitcoin Core developer is equivalent to more than $3.6 million USD.
Reactions to the Luke Dashjr hack
As a well-known figure in the bitcoiner scene, Luke Dashjr’s story has sparked the interest of other players. For example, one of them was developer and cryptographer Peter Todd.
FYI I’ve confirmed that this is real and not a Twitter hack via a mutual friend.
IIUC he used Gentoo as his desktop and didn’t keep different activities separate. So backdoored software is one of many ways this could happen; he may not have been targeted.
Use @QubesOS people. https://t.co/51PuGbJabX
– Peter Todd/mempoolfullrbf=1 (@peterktodd) January 1, 2023
In addition to confirming the story of Luke Dashjr and providing some technical details, Todd wrote: “Anyone can become complacent. It happens even to experts. It takes a concentrated, long-term effort to fight complacency and do the extra work necessary to ensure safety.“
Regarding the use of PGP, Todd stated that PGP “is annoying to use, but it is necessary“. He also explained that he chooses to store his PGP keys on hardware devices and also explained that his PGP master key “Is on a separate hardware/VM (virtual machines)“.
Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide.
– CZ 🔶 Binance (@cz_binance) January 1, 2023
Finally, Changpeng Zhao, CEO of the Binance exchange, also left his message to Luke Dashjr: “I’m sorry you lost so much. I have informed our security team to monitor. If it reaches us, we will freeze it. If there is anything we can help you with, please let us know. We deal with this problem often and have relationships with security forces around the world“, wrote the Chinese businessman.