One of Bitcoin’s core developers, Luke Dashjr, claims to have lost “basically all” his BTC holdings in a series of tweets sent on New Year’s Day.
Although the total amount of cryptocurrency is unknown, in the thread he shared a wallet address where some of the stolen currency had been transferred and that amounted to approximately 217 BTC, or roughly $3.6 million at current prices.
Dashjr said in the tweet thread that an unknown party had gained access to his PGP key, an encryption system known as Pretty Good Privacy, that uses a public-private key pair mechanism to protect information. Because his keys were compromised, this means that everything he had signed with it, including wallets used to store his cryptocurrency could have also been compromised.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— @[email protected] on Mastodon (@LukeDashjr) January 1, 2023
In particular, PGP keys are often used to encrypt messages between a sender and a receiver and also used to sign pieces of software to prove that they have not been tampered with.
Although he claimed to have “no idea” how the attacker gained access to his keys, the community has speculated that one of his servers may have been compromised with malware according to a previous tweet on Nov. 17.
PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
— @[email protected] on Mastodon (@LukeDashjr) November 17, 2022
Dashjr also warned that users of the Bitcoin Knots wallet and should double-check their installation because it could be using his compromised PGP keys. He cautioned that the current Knots download could not be trusted until the situation could be resolved. He also added that Bitcoin Core was safe because it a different signer had signed it.
By having his PGP key compromised, Dashjr is suggesting, an attacker could insert malware or malicious code into Bitcoin Knots and hide that fact by signing it with his key. This would make it look like he had complied and prepared the code and it was a legitimate download when it was not.
Cryptocurrency exchange Binance Chief Executive Changpeng “CZ” Zhao also offered his support and said that the security team of his exchange would monitor the movement of the currency and freeze it. He added that Binance has “law enforcement relationships worldwide” for dealing with situations like this.
Zhao followed up his tweet commenting that this is a potential danger for people who keep currency in self-custody wallets, which has become a talking point for him on Twitter since the collapse of the crypto exchange FTX. The bankruptcy of FTX pushed many users to move their assets off centralized exchanges and into their own wallets, which Zhao claims come with their own risks, such as the potential of being hacked.
Self-custody solutions include a variety of potential methods such as software and hardware that allow users to move their cryptocurrency onto their own computers, mobile devices or hardware wallets, meaning that they control their own currency and not a third-party such as an exchange.