tl;dr: I've confirmed that this is real and not a Twitter hack. Unfortunately Luke's setup was pretty standard. But that's not good enough; there's a good chance that Luke wasn't even specifically targeted, and non-govt actors could have definitely done the hack.
Complacency is a big threat to security, and we're all vulnerable to it.
reply
Peter, can you expand on why/how Qubes would help?
reply
Qubes OS would provide substantial separation between each application (e.g. so that Firefox can't touch Bitcoin Core). This is the only good option when you can only have one computer.
The other option would be to have multiple computers -- each being used for one major purpose (e.g. a Bitcoin computer, a software development computer, a gaming/browsing computer).
reply
Unfortunately Luke's setup was pretty standard
Luke has been around for a while. Many of his wallets didn't have a seed:
Seeds didn't exist back then
That means that most people today would not have his setup at all, and instead they would create a seed on an air-gapped computer.
reply
Could you ask him to provide as much detail of his set up? He keeps saying he doesn't know how the bitcoin was stolen, but we know his full setup we may able to find a weakness.
reply
As if it was about complacency rather than personal indolence...
reply
I bet he looks at websites with too much visible skin.
Bitcoin crypto is secure and unbroken. It must be his own fault.
reply
Why do you feel the need to specify "non-govt actors"?
reply
295 sats \ 3 replies \ @pi 1 Jan 2023
I hope it's a β€œboat accident” πŸ˜΅β€πŸ’«
reply
That's the best case scenario. Almost inspirational if so.
reply
11 sats \ 1 reply \ @ski 2 Jan 2023
This would be a legendary move lol. Should we all get β€œhacked”?
reply
I think that's the ticket
reply
Wasn't on an airgapped device?
Not multisig?
He reported a server of his having been compromised less than two months ago:
PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
Security practices that might have been adequate in 2013 (by necessity with essentially no alternative) incur significant risk if still employed a decade later. Sorry to learn this occurred, but it most definitely did not have to.
reply
Looking through Luke's comments on Twitter, it seems like his cold storage keys kept "in a physical safe" have also been comprimised. Almost all bitcoin gone.
Let's hope this is just an elaborate boating accident claim.
reply
The answer could be more simple than all these hacks theories. You are a PUBLIC, core developer working in Bitcoin for years, you obviously hold a bunch of BTC. In that case you are a target for professionals, not only in cyberspace, but also in the physical world.
His Twitter profile says a lot about him, where he lives, what he's doing. This happening during the holidays... Is it possible someone breaking in his house and find the seed written down? The Twitter profile says this guy is a devote catholic. You don't need to be Sherlock Holmes to try look for the seed "kept by God" inside a bible or behind a cross. Definitely easier than robing a bank.
If you hold $10M in BTC, you have 2 options: or nobody knows who you are, or you have your house secured at ScarFace level.
I'm probably wrong, but definitely a possibility.
reply
Exactly, the more public you are, the more hackers are trying to figure out how to hack you. BTW he said the stolen bitcoins were in a hot wallet.....
reply
or you pretend you got robbed.
reply
Luke may have reused the computer he created his original private keys on. He says his offspring is using the computer he created the private keys with. Should have used and incognito OS.
reply
What the heck @FBI @ic3 why can't I reach anyone???
Very pathetic!
Calling out for daddy government - but what did I expect from a sedevacantist - they're traitors with no backbone so this is to be expected.
I bet It's his own fault. Maybe visiting shady websites or giving access to his computer in any other way.
reply
I've never heard of Sedevacantism before, but today I learned.
reply
I found this quite fishy... something is not right.
reply
Agreed. We should be cautious for now... Luke had allegedly server breach issues couple months back that definitely sounded like a work of three letter agency.
(fwiw Bitcoin meetups often have fed agents... not even hiding)
reply
Bitcoin meetups often have fed agents.
We know, they know that we know...
What sounds me fishy is that:
  • why he kept so many of his BTC in a hot wallet (I can't believe he doesn't know the 3 level rule)
  • why he "announce" this on twitter (maybe even his twitter acc is compromised by the same guys and this "announcement" is a trap)
  • Even if would be a gov agency game, why Luke? He's not a so "high ranking profile"
I think there's something more that we still don't know or if he's the real one posting this, maybe is hiding something or not telling all the story, and just want some attention. This kind of stuff you don't make noise on twitter, but in private with well trusted peers.
reply
He said it was not a hot wallet. He said no keys were online. So somehow his process was compromised.
The guy is extremely strange and almost unable to communicate. He probably did something very weird with his cold wallet private key.
reply
Wait... what's the 3 level rule?
reply
reply
Yes, indeed, that is a very important guide. Also in this one https://darthcoin.substack.com/i/49446128/conclusion
reply
Fishy indeed... I wouldn't expect Luke jr to store his private key online and ask the FBI and a shitcoiner for help
Another option could be his Twitter has been hacked (via LastPass hack?)
reply
Is well known that Elon is working hand in hand with FBI. He's just pretending to be "the good guy"... Could be one of his "maneuvers"...
reply
Well, one does go fishing on a boat.
reply
These kind of "stories" scare the crap out of me.
reply
LOL Luke... you didn't read Darth guides (your father) πŸ˜‚πŸ˜‚πŸ˜‚πŸ˜‚
Use the three level stash method: A. HODL = your "central bank" with most of your stash, your reserve bank, barely moving it, onchain in deep cold storage
B. CACHE = your "commercial bank" with medium size amounts, for redistributing to HODL and SPEND, onchain and LN, nodes channels etc
C. SPEND = your spending pockets, with small amounts, enough to cover your regular spending, LN, with funding source from your "CACHE bank".
reply
I agree. It's his own fault. He might be a smart developer in Bitcoin but doesn't get it πŸ’©πŸ’©
reply
Haven't you admitted to keeping a jpeg w/ bitcoin in it on a cloud? Or am I remembering that wrong?
reply
This one? Yes, please take the 1BTC from it if you can πŸ˜‚πŸ˜‚πŸ˜‚
reply
Right... And you've stated "The original file is in a safe place (online)", and you've confirmed that this isn't the original file.
Just saying, you're making fun of a guy for keeping lots of sats in a hot wallet that was compromised because his encryption key was stolen, when you've also got a wallet sitting on the open internet, thinking your encryption key can't similarly be stolen.
reply
Please try. I will put it even easier for you: in one of my substack articles, I put just 12 words. In wide open. Find them if you can and you will open 1BTC wallet.
reply
thank you for your service
reply
Using my inability to pull off the same kind of professional targeted hack that Luke fell victim to as evidence of your own wallet security is a weak argument.
reply
Sometimes the most complicated methods are the ones "hacked" or leaked. My method still stay strong.
I just told you: you can even find 12 words in one of my guides, in wide open. If you are able to find them and put the right order, you get your prize of 1BTC.
This is bad for the community. How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
reply
How best can we secure our keys so that this doesn't happen to noobs who level of security isn't up to a Bitcoin Core developer?
Being a Bitcoin Core developer means nothing. I've seen security researchers fall for basic phishing emails, a Bitcoin Core developer failing at basic opsec is comparable
reply
It's also bad because all the dirty CEX practitioners will be all over this like a rash saying keep your Bitcoin safe with us
reply
This is highly suspect
reply
reply
If you use a hardware wallet, this can't happen, right?
reply
Hardware wallet is safe if you didnt write the seed down somewhere else where it got compromised ✌🏻✌🏻
reply
Hardware wallets, used as instructed, are FAR safer than Luke's hot wallet scheme. He said he has to trust someone else to get to his coins... So retarded...
reply
Who is this ic3 and what does this message mean:
432ded946431a9612f09d73bd15ded045d11d1095ffdfe8d68306ea9b2e78930 c38a3210fbb758cfc41d9a64b7534b83aecca96f051231f15545e8e5c7365190 4b3cde50e2bce3d02e15b61957d2452e29f53d9a99e1ab14e83b6ec0f87fd851 50df1eab0bf2bd01999cea4fc531a65c17e1a285823c9ae4eab0feb7e21a11b6
reply
those are 4 transaction ids, you can look them up on a block explorer
reply
Yeah that's not Luke?
reply
Daamn
reply