Bitcoin developer claims loss of $3.3 million after PGP exploit

Bitcoin core developer Luke Dashjr claimed his wallet was hacked due to a Pretty Good Privacy (PGP) key compromise. Dashjr’s wallet had multiple outgoing transactions on Dec. 31, totaling over 200 BTC — with an estimated loss of assets worth $3.3 million at current market prices.

“My PGP key is compromised, and at least many of my bitcoins stolen,” Dashjr tweeted on Jan. 1, adding that they “have no idea how.” He did not say how exactly the attackers gained access to his PGP keys.

Pretty Good Privacy is a cryptographic method to encrypt and decrypt data. It can be used to encrypt information that is stored on a server — to protect against unauthorized access or tampering. Notably, keys generated via PGP can be used to verify a specific piece of data, such as the legitimacy of a software download.

While what exactly caused the exploit is not yet confirmed, many speculate a server Dashjr used may have been accessed to steal data, including private keys to his bitcoin wallet. In November, Dashjr noted that his server had been compromised.

The pseudonymous developer of Yearn Finance, Banteg, commented on Twitter the incident may be a potential “supply chain attack.” Supply chain attacks happen when a hacker enters and modifies software by injecting malicious code into a system. In this case, it’s possible that the hacker gained access to Dashjr’s server with the help of a compromised PGP key and later extracted the private key to his hot wallet connected to the server. However, a formal investigation is yet to confirm this. 

The incident has garnered a lot of attention. Binance CEO Changpeng Zhao said his team monitored the assets and would freeze them if sent to the centralized exchange. 

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Source: https://www.theblock.co/post/198688/bitcoin-developer-pgp-exploit?utm_source=rss&utm_medium=rss