tl;dr: I've confirmed that this is real and not a Twitter hack. Unfortunately Luke's setup was pretty standard. But that's not good enough; there's a good chance that Luke wasn't even specifically targeted, and non-govt actors could have definitely done the hack.
Complacency is a big threat to security, and we're all vulnerable to it.
Qubes OS would provide substantial separation between each application (e.g. so that Firefox can't touch Bitcoin Core). This is the only good option when you can only have one computer.
The other option would be to have multiple computers -- each being used for one major purpose (e.g. a Bitcoin computer, a software development computer, a gaming/browsing computer).
Could you ask him to provide as much detail of his set up? He keeps saying he doesn't know how the bitcoin was stolen, but we know his full setup we may able to find a weakness.
He reported a server of his having been compromised less than two months ago:
PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
Security practices that might have been adequate in 2013 (by necessity with essentially no alternative) incur significant risk if still employed a decade later. Sorry to learn this occurred, but it most definitely did not have to.
Looking through Luke's comments on Twitter, it seems like his cold storage keys kept "in a physical safe" have also been comprimised. Almost all bitcoin gone.
Let's hope this is just an elaborate boating accident claim.
The answer could be more simple than all these hacks theories. You are a PUBLIC, core developer working in Bitcoin for years, you obviously hold a bunch of BTC. In that case you are a target for professionals, not only in cyberspace, but also in the physical world.
His Twitter profile says a lot about him, where he lives, what he's doing. This happening during the holidays... Is it possible someone breaking in his house and find the seed written down? The Twitter profile says this guy is a devote catholic. You don't need to be Sherlock Holmes to try look for the seed "kept by God" inside a bible or behind a cross. Definitely easier than robing a bank.
If you hold $10M in BTC, you have 2 options: or nobody knows who you are, or you have your house secured at ScarFace level.
Luke may have reused the computer he created his original private keys on. He says his offspring is using the computer he created the private keys with. Should have used and incognito OS.
Agreed. We should be cautious for now... Luke had allegedly server breach issues couple months back that definitely sounded like a work of three letter agency.
(fwiw Bitcoin meetups often have fed agents... not even hiding)
why he kept so many of his BTC in a hot wallet (I can't believe he doesn't know the 3 level rule)
why he "announce" this on twitter (maybe even his twitter acc is compromised by the same guys and this "announcement" is a trap)
Even if would be a gov agency game, why Luke? He's not a so "high ranking profile"
I think there's something more that we still don't know or if he's the real one posting this, maybe is hiding something or not telling all the story, and just want some attention.
This kind of stuff you don't make noise on twitter, but in private with well trusted peers.
Use the three level stash method:
A. HODL = your "central bank" with most of your stash, your reserve bank, barely moving it, onchain in deep cold storage
B. CACHE = your "commercial bank" with medium size amounts, for redistributing to HODL and SPEND, onchain and LN, nodes channels etc
C. SPEND = your spending pockets, with small amounts, enough to cover your regular spending, LN, with funding source from your "CACHE bank".
Right... And you've stated "The original file is in a safe place (online)", and you've confirmed that this isn't the original file.
Just saying, you're making fun of a guy for keeping lots of sats in a hot wallet that was compromised because his encryption key was stolen, when you've also got a wallet sitting on the open internet, thinking your encryption key can't similarly be stolen.
Please try.
I will put it even easier for you: in one of my substack articles, I put just 12 words.
In wide open.
Find them if you can and you will open 1BTC wallet.
Using my inability to pull off the same kind of professional targeted hack that Luke fell victim to as evidence of your own wallet security is a weak argument.
Sometimes the most complicated methods are the ones "hacked" or leaked.
My method still stay strong.
I just told you: you can even find 12 words in one of my guides, in wide open.
If you are able to find them and put the right order, you get your prize of 1BTC.
This is bad for the community. How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
Being a Bitcoin Core developer means nothing. I've seen security researchers fall for basic phishing emails, a Bitcoin Core developer failing at basic opsec is comparable
Hardware wallets, used as instructed, are FAR safer than Luke's hot wallet scheme. He said he has to trust someone else to get to his coins... So retarded...
My comments: https://twitter.com/peterktodd/status/1609655629903265795
tl;dr: I've confirmed that this is real and not a Twitter hack. Unfortunately Luke's setup was pretty standard. But that's not good enough; there's a good chance that Luke wasn't even specifically targeted, and non-govt actors could have definitely done the hack.
Complacency is a big threat to security, and we're all vulnerable to it.
Peter, can you expand on why/how Qubes would help?
Qubes OS would provide substantial separation between each application (e.g. so that Firefox can't touch Bitcoin Core). This is the only good option when you can only have one computer.
The other option would be to have multiple computers -- each being used for one major purpose (e.g. a Bitcoin computer, a software development computer, a gaming/browsing computer).
Luke has been around for a while. Many of his wallets didn't have a seed:
That means that most people today would not have his setup at all, and instead they would create a seed on an air-gapped computer.
Could you ask him to provide as much detail of his set up? He keeps saying he doesn't know how the bitcoin was stolen, but we know his full setup we may able to find a weakness.
As if it was about complacency rather than personal indolence...
I bet he looks at websites with too much visible skin.
Bitcoin crypto is secure and unbroken. It must be his own fault.
Why do you feel the need to specify "non-govt actors"?
I hope it's a “boat accident” 😵💫
That's the best case scenario. Almost inspirational if so.
This would be a legendary move lol. Should we all get “hacked”?
I think that's the ticket
Wasn't on an airgapped device?
Not multisig?
He reported a server of his having been compromised less than two months ago:
https://twitter.com/LukeDashjr/status/1593227756841578496 [Nitter]
Security practices that might have been adequate in 2013 (by necessity with essentially no alternative) incur significant risk if still employed a decade later. Sorry to learn this occurred, but it most definitely did not have to.
Looking through Luke's comments on Twitter, it seems like his cold storage keys kept "in a physical safe" have also been comprimised. Almost all bitcoin gone.
Let's hope this is just an elaborate boating accident claim.
The answer could be more simple than all these hacks theories. You are a PUBLIC, core developer working in Bitcoin for years, you obviously hold a bunch of BTC. In that case you are a target for professionals, not only in cyberspace, but also in the physical world.
His Twitter profile says a lot about him, where he lives, what he's doing. This happening during the holidays... Is it possible someone breaking in his house and find the seed written down? The Twitter profile says this guy is a devote catholic. You don't need to be Sherlock Holmes to try look for the seed "kept by God" inside a bible or behind a cross. Definitely easier than robing a bank.
If you hold $10M in BTC, you have 2 options: or nobody knows who you are, or you have your house secured at ScarFace level.
I'm probably wrong, but definitely a possibility.
Exactly, the more public you are, the more hackers are trying to figure out how to hack you. BTW he said the stolen bitcoins were in a hot wallet.....
or you pretend you got robbed.
This whole thing is weird: https://bitcoinscoresby.com/wp-content/uploads/2023/01/LD.png
Luke may have reused the computer he created his original private keys on. He says his offspring is using the computer he created the private keys with. Should have used and incognito OS.
view on twitter.comVery pathetic!
Calling out for daddy government - but what did I expect from a sedevacantist - they're traitors with no backbone so this is to be expected.
I bet It's his own fault. Maybe visiting shady websites or giving access to his computer in any other way.
I've never heard of Sedevacantism before, but today I learned.
I found this quite fishy... something is not right.
Agreed. We should be cautious for now... Luke had allegedly server breach issues couple months back that definitely sounded like a work of three letter agency.
(fwiw Bitcoin meetups often have fed agents... not even hiding)
We know, they know that we know...
What sounds me fishy is that:
I think there's something more that we still don't know or if he's the real one posting this, maybe is hiding something or not telling all the story, and just want some attention. This kind of stuff you don't make noise on twitter, but in private with well trusted peers.
He said it was not a hot wallet. He said no keys were online. So somehow his process was compromised.
The guy is extremely strange and almost unable to communicate. He probably did something very weird with his cold wallet private key.
Wait... what's the 3 level rule?
I think he meant what is explained here: https://darthcoin.substack.com/p/bitcoin-be-your-own-bank-think-like
Yes, indeed, that is a very important guide. Also in this one https://darthcoin.substack.com/i/49446128/conclusion
Fishy indeed... I wouldn't expect Luke jr to store his private key online and ask the FBI and a shitcoiner for help
Another option could be his Twitter has been hacked (via LastPass hack?)
Is well known that Elon is working hand in hand with FBI. He's just pretending to be "the good guy"... Could be one of his "maneuvers"...
Well, one does go fishing on a boat.
These kind of "stories" scare the crap out of me.
LOL Luke... you didn't read Darth guides (your father) 😂😂😂😂 https://postimg.cc/Nyt3PZDB
https://darthcoin.substack.com/p/bitcoin-be-your-own-bank-think-like
Use the three level stash method: A. HODL = your "central bank" with most of your stash, your reserve bank, barely moving it, onchain in deep cold storage
B. CACHE = your "commercial bank" with medium size amounts, for redistributing to HODL and SPEND, onchain and LN, nodes channels etc
C. SPEND = your spending pockets, with small amounts, enough to cover your regular spending, LN, with funding source from your "CACHE bank".
I agree. It's his own fault. He might be a smart developer in Bitcoin but doesn't get it 💩💩
Haven't you admitted to keeping a jpeg w/ bitcoin in it on a cloud? Or am I remembering that wrong?
This one? Yes, please take the 1BTC from it if you can 😂😂😂
https://postimg.cc/G9HBK82f
Right... And you've stated "The original file is in a safe place (online)", and you've confirmed that this isn't the original file.
Just saying, you're making fun of a guy for keeping lots of sats in a hot wallet that was compromised because his encryption key was stolen, when you've also got a wallet sitting on the open internet, thinking your encryption key can't similarly be stolen.
Please try. I will put it even easier for you: in one of my substack articles, I put just 12 words. In wide open. Find them if you can and you will open 1BTC wallet.
thank you for your service
Using my inability to pull off the same kind of professional targeted hack that Luke fell victim to as evidence of your own wallet security is a weak argument.
Sometimes the most complicated methods are the ones "hacked" or leaked. My method still stay strong.
I just told you: you can even find 12 words in one of my guides, in wide open. If you are able to find them and put the right order, you get your prize of 1BTC.
hfsp
This is bad for the community. How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
Being a Bitcoin Core developer means nothing. I've seen security researchers fall for basic phishing emails, a Bitcoin Core developer failing at basic opsec is comparable
It's also bad because all the dirty CEX practitioners will be all over this like a rash saying keep your Bitcoin safe with us
This is highly suspect
Good question https://nitter.at/shortnon_btc/status/1609628613506129921#m
Press F
If you use a hardware wallet, this can't happen, right?
Hardware wallet is safe if you didnt write the seed down somewhere else where it got compromised ✌🏻✌🏻
Hardware wallets, used as instructed, are FAR safer than Luke's hot wallet scheme. He said he has to trust someone else to get to his coins... So retarded...
Who is this ic3 and what does this message mean:
432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930 c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190 4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851 50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6
those are 4 transaction ids, you can look them up on a block explorer
Yeah that's not Luke?
Daamn