A Bitcoin OG and core developer Luke Dashjr claims his PGP key was compromised, resulting in virtually all his Bitcoin being stolen from him on Dec. 31.
One of the original core developers behind Bitcoin (BTC), Luke Dashjr, claims to have lost “basically” all his BTC as a result of a hack that occurred just before the new year.
In a Jan. 1 post on Twitter, the developer said the alleged hackers had somehow gained access to his PGP (Pretty Good Privacy) key, a common security method that uses two keys to gain access to encrypted information.
In the thread, he shared a wallet address where some of the stolen BTC had been sent but did not reveal how much of his BTC was stolen in total.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
At the time of writing the wallet address in question shows four transactions between 2:08 and 2:16 pm UTC on Dec. 31, totalling 216.93 BTC — worth $3.6 million at current prices.
Dashjr said he had “no idea how” the attackers gained access to his key, though some in the community have pointed to a possible connection with an earlier Twitter post from Dashjr on Nov. 17 that noted that his server had been compromised by “new malware/backdoors on the system.”
PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) November 17, 2022
Dashjr told a user in his most recent Twitter thread that he had only noticed the recent hack after getting emails from Coinbase and Kraken about login attempts.
The incident has also caught the attention of Binance CEO Changpeng “CZ” Zhao, who offered condolences and support in a Jan. 1 post.
“Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have Law Enforcement (LE) relationships worldwide," he wrote.
Some in the crypto community have speculated that lax security might be to blame for the loss.
In a Jan. 1 Reddit thread, a user calling themselves SatStandard suggested that Dashjr may not have taken the Nov. 17 security breach “seriously enough” and later suggested that the Bitcoin developer “did not keep different activities separated.”
“He had hot wallet on the same computer he did everything else. It looks like he was really complacent.”
Meanwhile, a few others appear to suggest it may not have been a hack at all, suggesting that someone had stumbled across the seed phrase somehow, or it was part of an unfortunate “boating accident” ahead of tax season.
A boating accident in this context is in reference to a running joke and meme originally used by gun enthusiasts, but since repurposed by the crypto community about people trying to avoid paying taxes by claiming they lost all their BTC in a “tragic boating accident.”
Top tier boating accident.
— Nate (@beeforbacon1) January 1, 2023
Cointelegraph reached out to Dashjr over Twitter for more information about the alleged hack but did not hear back by the time of publication.
Related: The 10 largest crypto hacks and exploits in 2022 saw $2.1B stolen
The news has also ignited a debate around self-custody, which became a hot topic after the collapse of FTX last year.
Binance’s Zhao, who previously cautioned the crypto community about self-custody, said: “Sad to see even an OG #Bitcoin Core Developer lost 200+ BTC ($3.5 million). Self custody [has] a different set of risks.”
Online social media BTC influencer Udi Wertheimer also took the time to question whether self-custody was a viable and safe option, commenting that one “shouldn’t manage your own keys.”
“If even one of Bitcoin’s OG developers messes this up, I really don’t know how other people are expected to do it safely.”
“That’s not to say self custody is bad. But you shouldn’t manage keys directly,” he said.