Luke Dashjr, who claims to be “the longest contributing Bitcoin Core developer,” revealed that an unknown hacker had raided “basically all” of his Bitcoin holdings on New Year’s Day.
The total sum of Bitcoin stolen is unknown, but in a Twitter thread, Dashjr tracked “some of it” to a wallet address that received a little under 217 Bitcoin, or about $3.6 million at today’s price.
Dashjr blamed the hack of his Bitcoin wallet on a compromised PGP (Pretty Good Privacy) key and later, in a Reddit discussion, he stated that the attacker’s IP came from a ColoCrossing server. He was at a loss to explain how his cold wallets were compromised, but he said the last time he’d accessed them was in September.
Dashjr posted a followup tweet calling out ColoCrossing for allegedly “dropping the ball on abuse investigation last time” and he vowed to replace his server provider. Some responders also flagged up a security breach he tweeted about back in November as possibly being connected to the hack.
Dashjr continued to answer questions on Twitter, saying that he believes “everything is compromised,” even potentially his Twitter. He also strongly cautioned people against using Bitcoin Knots, a Bitcoin wallet signed by his own now-compromised PGP key. Dashjr also tweeted at the FBI for help, to no avail.
Binance CEO Changpeng “CZ” Zhao offered his support, saying that he had informed the exchange’s security team of the theft, and that if any crypto linked to the hack was sent to Binance, “we will freeze it.”
Self custody and security
Zhao immediately wrote a follow-up tweet linking to Dashjr’s thread as an example of the risks of holding cryptocurrency in self-custody wallets.
Self-custody solutions include a variety of different software and hardware platforms, and can broadly be categorized as things like hot wallets (online software wallets), cold (hardware) wallets and DeFi exchanges. The latter two have seen heightened interest from consumers throughout the industry’s ongoing insolvency crisis, also known as “Crypto Winter.”
As contagion from the historic collapses of Terra and FTX spread in a year where record numbers of cybertheft were reported, people increasingly looked towards getting their balances off of accounts controlled by centralized entities, like exchanges and lenders, and onto self-custody solutions.
After billions of dollars worth of crypto were withdrawn from Binance in a single day, Changpeng Zhao took to a Twitter Spaces talk to warn that “99% of people” will lose crypto that they hold using self-custody solutions.
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/118231/bitcoin-core-dev-loses-at-least-3-6-million-btc-to-hack