Bitcoin developer loses $3.3 million in massive hack

A Bitcoin core developer has had his server hacked after his security key was compromised. The hacker has supposedly stolen over 200 BTC, worth around 3.3 million dollars.

Luke Dashjr, a developer who works on Bitcoin Core, the technology and security behind the cryptocurrency, has lost over 200 Bitcoins in an apparent hack.

According to Dashjr’s Twitter, the PGP key (Pretty Good Privacy) was compromised and allowed the hacker to loot his Bitcoin from the computer they were being stored on.

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin

— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023

A PGP key is an encryption method that utilizes two different keys to lock away information. Dashjr has identified the Bitcoin wallets that some of the money was sent to, but as of yesterday, claims it has all gone.

Dashjr had been targeted in an attempted smash-and-grab on his Bitcoin stash earlier in the year but brushed it off after investigating. On his Mastodon, Dashjr stated he had “purged the backdoors” implemented in the attack, but couldn’t find any evidence of it being used.

Dashjr also deleted a tweet in regards to his “cold wallet”. This is a type of Bitcoin wallet that is kept offline to ensure maximum security. Dashjr questioned whether or not it was “Maybe not as cold as intended?”

According to another developer, Peter Todd, Dashjr’s active PC runs a Linux distro called Gentoo. This was also where he stored his “hot” Bitcoin wallet. A hot wallet is one that is actively connected to the internet and can be accessed at any time.

If a compromised piece of software made it on, as Dashjr suspects, then it was an inevitability of it getting stolen and not a targeted attack.

FYI I've confirmed that this is real and not a Twitter hack via a mutual friend.

IIUC he used Gentoo as his desktop and didn't keep different activities separated. So backdoored software is one of many ways this could happen; he may not have been targeted.

Use @QubesOS people. https://t.co/51PuGbJabX

— Peter Todd/mempoolfullrbf=1 (@peterktodd) January 1, 2023

Even the CEO of Binance, Changpeng Zhao, stated on Twitter that “Self-custody [has] a different set of risks”.

Suspicions around the lost Bitcoin

In response to his loss, user beeforbacon1 called it a “Top tier boating accident.” This in-joke alludes to claiming your cash was lost in a boating accident to avoid paying tax on it.

On Reddit, the hack has been discussed in detail, including some of the participants alluding to this being part of Dashjr’s habit of being a “serial grifter”.

In 2017, a fundraiser was set up to collect money for Dashjr’s house. People pointed out that with his amount of Bitcoin – at the time in 2017 it was at a peak of $19,511 per BTC – he would have insurance and be able to cover the costs himself.

At the time, another user monitored the wallet activity and saw the 3.5 BTC sent for upgrading the internet access to the house – a stretch goal – never left the wallet.

Others on Reddit have pointed out that this happening close to the tax season in the US is suspicious.