- Long-standing Bitcoin Core developer Luke Dashjr has had ₿200, worth over $3 million, stolen
- Dashjr’s PGP key was compromised and the coins taken on New Year’s Eve
- The complex self-custody storage solution may have been his downfall
Long-standing Bitcoin Core developer Luke Dashjr has had ₿200, worth over $3 million, stolen after his PGP key was compromised. Dashjr, who has been developing Bitcoin code since 2011, revealed on Twitter the “nightmare” of having the funds stolen on New Year’s Eve after his PGP key was accessed, allowing hackers to access his Bitcoin haul. The event is a sad reminder that even the most complex security systems can have flaws, and that sometimes simple is best.
“No Idea” How Hack Happened
Dashjr revealed the hack yesterday in real time, watching the coins getting sent to a mixing service where their origins were obscured:
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @[email protected] on Mastodon (@LukeDashjr) January 1, 2023
Unlike many Bitcoin users who employ simple methods such as mobile or hardware wallets to store their coins, Dashjr was a user of more complex systems, including the use of several servers. In fact, he revealed back in November that his server had been accessed by an “unknown person” and, ironically, asked anyone downloading his Bitcoin Knots software to “take extra care that you PGP-verified any downloads.”
In the tweet thread, Dashjr said that he had “no idea” how his PGP key had been compromised or if it was related to November’s attack on his systems, although he said that “Server can’t get at local workstation”, suggesting that the hack wasn’t related. He added that he had reported the incident to law enforcement but that they “didn’t care”. Prominent figures such as Binance CEO Changpeng Zhao said they would help where they could, but with the coins being mixed there doesn’t seem to be much hope of recovering them.
Complex Isn’t Always Better
What’s particularly galling is that Dashjr is such a Bitcoin expert that, if anyone should have known how to keep their bitcoin safe, it would be him. However, such knowledge can actually make one more paranoid about the dangers out there, leading to the kind of complex self-custody that needs protection through PGP keys.
If Dashjr had protected his bitcoin with a quality hardware wallet it is very unlikely that he would have suffered an exploit such as this, so less technically proficient Bitcoin users shouldn’t suddenly start to feel unsafe about their storage choices.