The recent compromise triggers fresh debates on the security of self-custody measures.
Luke Dashjr, one of the earliest Bitcoin Core developers, claims to have lost all his bitcoin (BTC) – amounting to 216 tokens – in a recent self-custody hack. According to him, the hack involved a compromise of his PGP (Pretty Good Privacy) key. PGP is the encryption system using public-key cryptography to secure a bitcoin address.
Dashjr reported the exploit through his Twitter handle on New Year’s Day, revealing that he is unaware of how the hack occurred. The hacker had taken out 199.1 BTC ($3.3M) before Dashjr publicly reported the incident, noting that “at least many” of his bitcoins had been stolen. Less than five minutes later, three more transactions wiped out his entire BTC holdings, a total of 216.9 BTC ($3.6M).
Looks like some of it is coinjoined to 1YAR6opJCfDjBNdn5bV8b5Mcu84tv92fa
— @LukeDashjr@BitcoinHackers.org on Mastodon (@LukeDashjr) January 1, 2023
The tokens remain dormant in a recently-activated bitcoin wallet at press time. The hacker moved the assets in four transactions within 5 minutes. Despite tagging law enforcement, Dashjr noted that he had yet to receive a response from any agency. When asked if he could share insight on what happened to help others, he replied, “No idea.” Some believe a close friend might have stumbled on his private key.
Notwithstanding, he warned the public against downloading Bitcoin Knots and trusting it with their assets until the whole situation was resolved. Furthermore, he advised those who downloaded it in the past few months to shut down their systems for now. Bitcoin Knots is a fork of the original BTC client software (Bitcoin Core) with some added features. Dashjr noted that he does not feel the Bitcoin Core client is compromised.
Fresh Debates on the Security of Self-Custody
Several individuals tried to attribute the recent exploit to a previous server attack he experienced in November and December last year, but Dashjr has debunked these claims. The latest exploit has sparked fresh debates on the security of self-custody measures, attracting comments from notable players within the industry.
Binance Chief Changpeng Zhao expressed his sympathies and noted that the Binance team would monitor the situation to see how they could help resolve it. He further mentioned that self-custody measures do have their risks. When Joe Vezzani, Lunar Crush founder, tried to downplay the losses witnessed with self-custody compared to centralized exchanges, CZ noted that most self-custody losses are not reported.
Sad to see even an OG #Bitcoin Core Developer lost 200+ BTC ($3.5 million). Self custody have a different set of risks.
We will try to monitor and see where we can help. 🙏 https://t.co/9eGZ7AFgC2
— CZ 🔶 Binance (@cz_binance) January 1, 2023
Speaking on the matter, BTC influencer Udi Wertheimer highlighted the dangers of managing one’s keys manually. “If even one of Bitcoin’s OG developers messes this up, I really don’t know how other people are expected to do it safely,” he asked. Udi further noted that he is not discouraging self-custody but asking that one refrain from managing one’s keys directly.
Following the FTX collapse, the crypto scene witnessed a mass exodus of funds from centralized exchanges as self-custody solutions became increasingly popular amid the decline of investors’ confidence in centralized exchanges.