Bitcoin core developer Luke Dashjr took to Twitter on Jan. 1 saying he had lost 216 BTC ($3.6 million) after his ““pretty good privacy”” PGP key was compromised.
It comes after he reportedly lost a significant sum of money in Mt. Gox.
Immediately after the hack, coins were moved through a CoinJoin’ed to a new address, 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa, where all his funds were transferred discreetly. By CoinJoining this transfer, the hacker could anonymize the transaction.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— Luke Dashjr (@LukeDashjr) January 1, 2023
In the wake of the hack, Luke tried reaching out to the FBI and another Twitter account with the handle “ic3”, complaining that he “couldn’t reach” anyone.
Luke’s loss marks another unfortunate hack in the crypto scene.
Over the past few months, hackers have been zeroing in on crypto and DeFi protocols. The result has been a cumulative lose of over $2 billion in 2022 alone, forcing regulators and authorities to intervene.
However, amid this spate of attacks, it should be noted that Bitcoin and other truly decentralized protocols are secure.
Bitcoin, for instance, is secured by a decentralized web of validating nodes behind which over 200 EH/s of computer processing power ensures the network continues to perform reliably and without interference from third parties.
Since launching in early 2009, Bitcoin has functioned without halting or being breached.
In Luke’s case, the hacker compromised the PGP key that’s critical in ensuring “Bitcoin Knots or Core isn’t infested with malware”. Developers and entities running Bitcoin are urged to use PGP keys. They play a critical role as the first line of defense, and are referred to in “public-key cryptography”.
With PGP keys, it is only possible for the network to confirm the true ownership in an address since it is used whenever a user is signing transactions, approving transfers. At the same time, PGP keys are needed for asymmetric encryptions. Without it, it is impossible for a user to encrypt a message with a public key.
Even though it is not clear how Luke ended up losing his stash of Bitcoin, he is urging users to be wary, and not download Bitcoin Knots “until everything is resolved”. Those who have, he further advises, should “shut down their systems”.
The hacking of a respectable Bitcoin core developer comes as a blow to coin holders. In Reddit, one user said if it can happen to Luke, then no one is safe. The best course of action, he added, is to move assets to a secure cold wallet. A cold wallet is not connected to the internet, and therefore hackers cannot tamper with PGP keys, and transfer assets.