Things started a little hectic this new year. EN Bitcoin kjerne OG revealed last Sunday afternoon that he had lost all of his BTC in a hack. The information shocked the bitcoiner community. Though, the security of the programmer’s server had already been compromised since November.
Developer Luke Dashjr posted the information via Twitter and a BTC adresse to which the hacker possibly diverted funds. As of this writing, the address has a balance of 216 BTC worth around $3.6 million.
He also indicated that he had not been aware of the theft until he received notifications about access to his account on two exchanges (Kraken and Coinbase).
According to the developer, the attackers gained access to his PGP (Pretty Good Privacy) key. With this security system, two keys are necessary to access encrypted information.
The Bitcoin Core developer also explained that the funds taken in the hack were stored in hot and cold lommebøker. Also, the bitcoins were in hundreds of private keys. All of them were created independently and did not have seed phrases because that system had not been implemented then.
He also ruled out that it was a vulnerability in Bitcoin because there would be more people affected.
Furthermore, the Bitcoin Core developer indicated that he still did not know how the hack in which he lost his funds occurred and that he wanted to “wake up from the nightmare.”
The previous security breach
The community linked the December 31 hack to another security vulnerability that the Bitcoin Core developer reported on November 17.
Back then, Dashjr explained that an unknown party had developed malware specifically created to access his server. The developer used PGP to analyze the system and found that the attacker had installed two or three remote backdoors. At that moment, he disabled the backdoors, confident that he was out of danger.
However, the Bitcoin Core developer revealed that in the December 31 hack, they used their PGP Key to access all their information. He said he couldn’t rule out that hackers had compromised all of his devices.
On December 25, it reported a second attack and accused its dedicated server provider of negligence, saying it was looking for a replacement.
Likewise, he explained that he used the PGP system to verify that the download of Bitcoin Core or Knots was not vulnerable to any hack. Also, he advised users not to download Bitcoin Knots until the situation was resolved.
He also advised users who had downloaded Bitcoin Knots in the past few months to consider the system down for now. Bitcoin Knots is a complete Bitcoin client with more advanced features than Bitcoin Core, such as BECH32, Legacy Addresses, and Segwit.
A problem of self-complacency
The community immediately contributed their theories on the matter. Even a user accused the developer of lying and using this strategy to evade taxes.
For his part, Peter Todd confirmed the hack and assured that Dashjr’s carelessness led to the security breach. Thus, in his view, the developer did not strive to protect itself long-term from complacency.
Likewise, developer Udi Wertheimer took the opportunity to revive the debate on self-protection. In his opinion, even bitcoins belonging to a Bitcoin Core developer cannot be safe from a hack if he keeps his own private keys. However, dismissing self-custody for an isolated security incident is too rash.
Wanna trade BTC, and other tokens? You can do it trygt på Alfacash! And don’t forget we’re talking about this and many other things on our social media.
Telegram * Facebook * Instagram * YouTube *Twitter