1143 sats \ 7 replies \ @petertodd 1 Jan 2023
My comments: https://twitter.com/peterktodd/status/1609655629903265795
tl;dr: I've confirmed that this is real and not a Twitter hack. Unfortunately Luke's setup was pretty standard. But that's not good enough; there's a good chance that Luke wasn't even specifically targeted, and non-govt actors could have definitely done the hack.
Complacency is a big threat to security, and we're all vulnerable to it.
reply
192 sats \ 1 reply \ @phaedrus 2 Jan 2023
Peter, can you expand on why/how Qubes would help?
reply
30 sats \ 0 replies \ @orthzar 3 Jan 2023
Qubes OS would provide substantial separation between each application (e.g. so that Firefox can't touch Bitcoin Core). This is the only good option when you can only have one computer.
The other option would be to have multiple computers -- each being used for one major purpose (e.g. a Bitcoin computer, a software development computer, a gaming/browsing computer).
reply
26 sats \ 0 replies \ @nullama 3 Jan 2023
Luke has been around for a while. Many of his wallets didn't have a seed:
That means that most people today would not have his setup at all, and instead they would create a seed on an air-gapped computer.
reply
1 sat \ 0 replies \ @LowFeesBuddy 2 Jan 2023
Could you ask him to provide as much detail of his set up? He keeps saying he doesn't know how the bitcoin was stolen, but we know his full setup we may able to find a weakness.
reply
1 sat \ 1 reply \ @benstern 1 Jan 2023
As if it was about complacency rather than personal indolence...
reply
0 sats \ 0 replies \ @tomlaies 2 Jan 2023
I bet he looks at websites with too much visible skin.
Bitcoin crypto is secure and unbroken. It must be his own fault.
reply
0 sats \ 0 replies \ @SevenOfNine 2 Jan 2023
Why do you feel the need to specify "non-govt actors"?
reply
295 sats \ 3 replies \ @pi 1 Jan 2023
I hope it's a βboat accidentβ π΅βπ«
reply
15 sats \ 2 replies \ @siggy47 1 Jan 2023
That's the best case scenario. Almost inspirational if so.
reply
11 sats \ 1 reply \ @ski 2 Jan 2023
This would be a legendary move lol. Should we all get βhackedβ?
reply
12 sats \ 0 replies \ @siggy47 2 Jan 2023
I think that's the ticket
reply
376 sats \ 0 replies \ @cointastical 1 Jan 2023
Wasn't on an airgapped device?
Not multisig?
He reported a server of his having been compromised less than two months ago:
https://twitter.com/LukeDashjr/status/1593227756841578496 [Nitter]
Security practices that might have been adequate in 2013 (by necessity with essentially no alternative) incur significant risk if still employed a decade later. Sorry to learn this occurred, but it most definitely did not have to.
reply
201 sats \ 0 replies \ @scampy 2 Jan 2023
Looking through Luke's comments on Twitter, it seems like his cold storage keys kept "in a physical safe" have also been comprimised. Almost all bitcoin gone.
Let's hope this is just an elaborate boating accident claim.
reply
239 sats \ 2 replies \ @Hermit 1 Jan 2023
The answer could be more simple than all these hacks theories. You are a PUBLIC, core developer working in Bitcoin for years, you obviously hold a bunch of BTC. In that case you are a target for professionals, not only in cyberspace, but also in the physical world.
His Twitter profile says a lot about him, where he lives, what he's doing. This happening during the holidays... Is it possible someone breaking in his house and find the seed written down? The Twitter profile says this guy is a devote catholic. You don't need to be Sherlock Holmes to try look for the seed "kept by God" inside a bible or behind a cross. Definitely easier than robing a bank.
If you hold $10M in BTC, you have 2 options: or nobody knows who you are, or you have your house secured at ScarFace level.
I'm probably wrong, but definitely a possibility.
reply
1 sat \ 0 replies \ @iguano 2 Jan 2023
Exactly, the more public you are, the more hackers are trying to figure out how to hack you.
BTW he said the stolen bitcoins were in a hot wallet.....
reply
0 sats \ 0 replies \ @AngeloMetal 3 Jan 2023
or you pretend you got robbed.
reply
189 sats \ 0 replies \ @Scoresby 2 Jan 2023
This whole thing is weird:
https://bitcoinscoresby.com/wp-content/uploads/2023/01/LD.png
reply
177 sats \ 0 replies \ @nym 2 Jan 2023
Luke may have reused the computer he created his original private keys on. He says his offspring is using the computer he created the private keys with. Should have used and incognito OS.
reply
195 sats \ 1 reply \ @tomlaies 2 Jan 2023
Very pathetic!
Calling out for daddy government - but what did I expect from a sedevacantist - they're traitors with no backbone so this is to be expected.
I bet It's his own fault. Maybe visiting shady websites or giving access to his computer in any other way.
reply
9 sats \ 0 replies \ @nym 2 Jan 2023
I've never heard of Sedevacantism before, but today I learned.
reply
170 sats \ 9 replies \ @DarthCoin 1 Jan 2023
I found this quite fishy... something is not right.
reply
123 sats \ 5 replies \ @nout OP 1 Jan 2023
Agreed. We should be cautious for now... Luke had allegedly server breach issues couple months back that definitely sounded like a work of three letter agency.
(fwiw Bitcoin meetups often have fed agents... not even hiding)
reply
41 sats \ 4 replies \ @DarthCoin 1 Jan 2023
We know, they know that we know...
What sounds me fishy is that:
- why he kept so many of his BTC in a hot wallet (I can't believe he doesn't know the 3 level rule)
- why he "announce" this on twitter (maybe even his twitter acc is compromised by the same guys and this "announcement" is a trap)
- Even if would be a gov agency game, why Luke? He's not a so "high ranking profile"
I think there's something more that we still don't know or if he's the real one posting this, maybe is hiding something or not telling all the story, and just want some attention.
This kind of stuff you don't make noise on twitter, but in private with well trusted peers.
reply
10 sats \ 0 replies \ @clownworld 3 Jan 2023
He said it was not a hot wallet. He said no keys were online. So somehow his process was compromised.
The guy is extremely strange and almost unable to communicate. He probably did something very weird with his cold wallet private key.
reply
0 sats \ 2 replies \ @decentmoney2009 1 Jan 2023
Wait... what's the 3 level rule?
reply
10 sats \ 1 reply \ @ek 1 Jan 2023
I think he meant what is explained here:
https://darthcoin.substack.com/p/bitcoin-be-your-own-bank-think-like
reply
0 sats \ 0 replies \ @DarthCoin 2 Jan 2023
Yes, indeed, that is a very important guide.
Also in this one
https://darthcoin.substack.com/i/49446128/conclusion
reply
1 sat \ 1 reply \ @Lost_dogz 1 Jan 2023
Fishy indeed... I wouldn't expect Luke jr to store his private key online and ask the FBI and a shitcoiner for help
Another option could be his Twitter has been hacked (via LastPass hack?)
reply
0 sats \ 0 replies \ @DarthCoin 1 Jan 2023
Is well known that Elon is working hand in hand with FBI.
He's just pretending to be "the good guy"...
Could be one of his "maneuvers"...
reply
0 sats \ 0 replies \ @ursuscamp 2 Jan 2023
Well, one does go fishing on a boat.
reply
215 sats \ 0 replies \ @jimblogic 1 Jan 2023
These kind of "stories" scare the crap out of me.
reply
71 sats \ 10 replies \ @DarthCoin 2 Jan 2023
LOL Luke... you didn't read Darth guides (your father) ππππ
https://i.postimg.cc/1zVy4QNn/3level-stash.jpg
https://darthcoin.substack.com/p/bitcoin-be-your-own-bank-think-like
Use the three level stash method:
A. HODL = your "central bank" with most of your stash, your reserve bank, barely moving it, onchain in deep cold storage
B. CACHE = your "commercial bank" with medium size amounts, for redistributing to HODL and SPEND, onchain and LN, nodes channels etc
C. SPEND = your spending pockets, with small amounts, enough to cover your regular spending, LN, with funding source from your "CACHE bank".
reply
31 sats \ 0 replies \ @kilianbuhn 2 Jan 2023
I agree. It's his own fault. He might be a smart developer in Bitcoin but doesn't get it π©π©
reply
0 sats \ 8 replies \ @frostdragon 3 Jan 2023
Haven't you admitted to keeping a jpeg w/ bitcoin in it on a cloud? Or am I remembering that wrong?
reply
0 sats \ 7 replies \ @DarthCoin 3 Jan 2023
This one?
Yes, please take the 1BTC from it if you can πππ
https://i.postimg.cc/RCTcMwzv/cats-stego.jpg
reply
0 sats \ 6 replies \ @frostdragon 3 Jan 2023
Right... And you've stated "The original file is in a safe place (online)", and you've confirmed that this isn't the original file.
Just saying, you're making fun of a guy for keeping lots of sats in a hot wallet that was compromised because his encryption key was stolen, when you've also got a wallet sitting on the open internet, thinking your encryption key can't similarly be stolen.
reply
0 sats \ 5 replies \ @DarthCoin 3 Jan 2023
Please try.
I will put it even easier for you: in one of my substack articles, I put just 12 words.
In wide open.
Find them if you can and you will open 1BTC wallet.
reply
0 sats \ 0 replies \ @nym 6 Jan 2023
thank you for your service
reply
0 sats \ 3 replies \ @frostdragon 3 Jan 2023
Using my inability to pull off the same kind of professional targeted hack that Luke fell victim to as evidence of your own wallet security is a weak argument.
reply
0 sats \ 2 replies \ @DarthCoin 3 Jan 2023
Sometimes the most complicated methods are the ones "hacked" or leaked.
My method still stay strong.
I just told you: you can even find 12 words in one of my guides, in wide open.
If you are able to find them and put the right order, you get your prize of 1BTC.
reply
0 sats \ 1 reply \ @frostdragon 3 Jan 2023
hfsp
view replies
75 sats \ 2 replies \ @fred 2 Jan 2023
This is bad for the community. How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
reply
223 sats \ 0 replies \ @tomlaies 2 Jan 2023
Being a Bitcoin Core developer means nothing. I've seen security researchers fall for basic phishing emails, a Bitcoin Core developer failing at basic opsec is comparable
reply
20 sats \ 0 replies \ @shyfire 3 Jan 2023
It's also bad because all the dirty CEX practitioners will be all over this like a rash saying keep your Bitcoin safe with us
reply
1 sat \ 0 replies \ @cigarette 2 Jan 2023
This is highly suspect
reply
0 sats \ 0 replies \ @DarthCoin 3 Jan 2023
Good question
https://nitter.at/shortnon_btc/status/1609628613506129921#m
reply
0 sats \ 0 replies \ @slatheredloss 2 Jan 2023
Press F
reply
0 sats \ 2 replies \ @lunanto 2 Jan 2023
If you use a hardware wallet, this can't happen, right?
reply
1 sat \ 0 replies \ @kilianbuhn 2 Jan 2023
Hardware wallet is safe if you didnt write the seed down somewhere else where it got compromised βπ»βπ»
reply
0 sats \ 0 replies \ @Coinosphere 3 Jan 2023
Hardware wallets, used as instructed, are FAR safer than Luke's hot wallet scheme. He said he has to trust someone else to get to his coins... So retarded...
reply
0 sats \ 1 reply \ @ek 1 Jan 2023
Who is this ic3 and what does this message mean:
432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930
c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190
4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851
50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6
reply
78 sats \ 0 replies \ @bitcoiner_since_2013 2 Jan 2023
those are 4 transaction ids, you can look them up on a block explorer
reply
0 sats \ 0 replies \ @faithandcredit 1 Jan 2023
Yeah that's not Luke?
reply
0 sats \ 0 replies \ @Tenuki 1 Jan 2023
Daamn
reply