A Bitcoin Developer Allegedly Lost Over 200 Bitcoins 

Key takeaways:

• Bitcoin developer Luke Dashjr claimed that the PGP exploits led to the hacking of his bitcoin.
• The CEO of Binance, Changpeng Zhao, pledged assistance and promised that the exchange site will track and seize any stolen tokens.

Luke Dashjr, the Bitcoin core developer, announced to his 55k followers that his PGP key had been hijacked and the same event led to his BTC tokens being stolen.

A public encryption key is a PGP key. Emails and files can be encrypted and signed using a PGP key. A key pair consisting of a public key and a private key is generated when a PGP key is created.

PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin

— @[email protected] on Mastodon (@LukeDashjr) January 1, 2023

On December 31, Dashjr’s wallet carried out a number of outbound transactions totaling more than 200 BTC, resulting in an estimated asset loss worth $3.3 million at the time of writing.

Using the Bitcoin mixer CoinJoin, four transactions totaling a sizeable sum of Dashjr’s Bitcoins were sent to a wallet address. The address currently has 216.93 BTC, or almost $3.6 million, in it.

After gaining knowledge of the loss, the well-known coder voiced shock and surprise and interrogated why he couldn’t get through to anyone at the FBI or IC3. It’s very unbelievable for the crypto community to digest the fact that Dashjr, one of the most skilled individuals in the cryptocurrency industry has been subjected to an illegal act. 

The uncertainty around the amount of stolen bitcoin further makes Dashjr’s situation more difficult.

Many believe that a server Dashjr utilized may have been accessed in order to steal data, including the private keys to his bitcoin wallet. However, the specific nature of the attack has not yet been determined. Dashjr even said his server had been breached in November.

PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin

— @[email protected] on Mastodon (@LukeDashjr) November 17, 2022

Even on Christmas, hackers did not leave the core developer alone,   the server was breached again on the 25th, and Dashjr supplied IPs that were thought to have been involved in the attack. Sadly, the targeted attack was effective, and the hackers were able to take almost 200 Bitcoins.

PSA: Sigh. Someone did this again tonight, about 2 hours ago. #Bitcoin

Calling out @ColoCrossing for (AFAIK) dropping the ball on abuse investigation last time.

Also going to call out my server provider for dropping the ball on an internal audit, but I need a replacement first. https://t.co/K2zBaxkzYm

— @[email protected] on Mastodon (@LukeDashjr) December 25, 2022

Dashjr’s loss was recognized by CZ of Binance, who also promised that his team would keep an eye on the trading environment and freeze any stolen tokens.

Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide.

— CZ ???? Binance (@cz_binance) January 1, 2023

Many agree with the assertion made by Yearn Finance’s anonymous developer, Banteg, that the exploit might be a possible “supply chain attack.”

possibly a supply chain attack on bitcoin core developer https://t.co/j2ZR34GFiM

— banteg (@bantg) January 2, 2023

The speculation has also spurred a debate on self-custody, with some contending that although it isn’t always detrimental, users shouldn’t directly handle their keys. The FTX fiasco did encourage the community to exercise extreme caution when handling their coins.