Would be interesting to know how his BTC were stolen. Because he is a BTC core developer, I believe he followed the best practices, like not writing down his password. So infection or keylogger?
I don't know if it has a concrete definition but I generally say it to mean a crypto wallet that is directly or indirectly exposed to the internet.
It's possible to create a bitcoin wallet completely offline in a secure environment. The details to the wallet are then stored physically in a secure location/medium. This is called a cold wallet. People typically use a cold wallet for long-term storage of coins.
This is my personal view on the topic. I don't claim it strictly matches any "official" definition.
A "hot" wallet is a type of wallet that's typically stored in internal storage of a network-connected device, such as your personal computer or your smartphone. This is a riskier way of storing funds because they can be exfiltrated by malware. You would typically use a hot wallet for day to day transactions.
A "cold" wallet is a type of wallet where private keys to control the funds are never in contact with a network-connected device. They're typically stored in the form of recovery phrases written on paper or metal (in a secure location), or some kind of a smart card that securely stores private keys and exposes an interface to sign individual transactions (e.g. Ledger devices). Funds stored in a cold wallet are much harder to access, but are extremely (or completely) resistant to theft, short of physical access.
In crypto a "hot" wallet should be treated as cash, while a "cold" wallet is more like a savings account.
I am not a security person, but I can't help but wonder where the advice of not writing things down comes from? I think my wife's password book on her desk is a lot safer than most computer experts.
Someone kept theirs in their wallet, and their passphrase showed up on a publicly released police body cam the other day when their insurance was checked or something.
Say your wife is a well known Bitcoin billionaire.
And your wife bought something from my eBay store. Now I have your home address.
And if I am a ruthless character then I quietly break into your house one day with the objective of leaving no sign I was ever there. Search for written down passwords, take a photo, leave.
Of course it's obvious there's many ways to get someone's address.
The point is that companies put vast effort into digital security but in many cases it's easily compromised by going to the home of the person that is the hacking target.
Okay, so assuming you get past this theoretical billionaire's physical security (at a minimum gated fences and an alarm system; if they're actually a billionaire, probably 24/7 armed private security as well) and into their mansion, how long do you think it would take you to search their 7 bedroom 10000 square foot mansion for these written down passwords which you have no information as to whether they even exist?
It comes from the threat model, having a password book on your desk in a cubicle is absolutely not secure.
On a desk at home? It is marginal, certainly a burglary is a low frequency event, but we also have events like fire that make it insecure in other ways.
Password books are basically physical password managers. The only problem I have with them is that the passwords in most password books I've seen aren't very creative or random. As long as you write down randomly generated passwords instead of permutations of the names of your kids/pets/parents, I don't know what people are panicking about.
The perfect password book is combined with a word you remember but don't write down as a pepper, but I doubt it's much of a problem in practice; it takes one leak of an unhashed password to break the code.
I think for many the risk of someone breaking in and stealing your password book is much smaller than the risk of a centralised password manager getting hacked (LastPass and friends).
That advice mostly originates from security folks working in workplace environments, where passwords that are written down may be visible to people who are threat vectors.
I think it’s reasonable advice for most people. The alternative is usually having a simpler password which is worse if your threat model is ‘hashed password shows up in big breach’. If your threat model is ‘someone turns up to your house to get your password’ your worry should not be theft of the paper.
And the bulk of it should be on a paper wallet, in the vault of a bank or another real world institution. The hardware used to generate this key should be wiped out. So if he followed best practices, he didn't lose this money.
edit: just found out that the btc was stolen from a dedicated server on ColoCrossing. this makes no freaking sense. no server connected to internet should have access to the keys to your btc (or access to any keys that could be used to later on grab cryptocurrency keys). hot wallets should be hardware wallets, cold wallets should be acid free paper
That's not how it works at all. "Bitcoin" is just a unit of measure, except for the brief moment of mining a new one. Would you be less paranoid if your savings were denominated in pennies vs dollars?
As others have said, he for whatever reason had a completely lazy setup for someone who develops for Bitcoin Core. He doesn't even use a hardware wallet or use a separate computer for his BTC bag or other sensitive data.
I use Twitter solely for moaning at service providers who respond [far!] faster on Twitter than they do by phone or email, but .. umm ... doesn't this [common] mistake demonstrate how broken this approach is?
To recoup the loss possibly, but that's not necessarily the government's job. The government's job would be to investigate the theft in an attempt to charge a suspect(s) with a crime against another person.
If the property is replaceable by the charged parties then that could be used by the government as a consideration in plea bargaining or sentencing. But if it's gone then hopefully the plaintiff purchased insurance on it.
I'm confused why he even is interested in reaching these governmental organisations. Isn't it the idea of "code is the law" a pillar of the crypto movement?
I don't claim that the person in question did this but as a thought experiment IMHO stealing Bitcoin is an oxymoron because the transactions are happening in the realm of a zero trust computational environment. The whole premise is that this is a trust-less system which means that we shouldn't even attempt to trust in anything about the wallet movements.
Maybe it was a handshake deal that went sour afterwards?
Fraud and reconciliation are fundamental in our finance systems. To claim this as anything other than a failing of bitcoin as a whole is "inexcusable".
I still get butterflies thinking about the clever beauty of the great network, computer, software, cryptographic security piñata in the sky.
It means that rather than being a story about public affairs, snake oils, and conspiracies -- security is now a legitimate business concern.
I won't pretend to have an endgame, but I really don't see too much to loathe. Even the most vehement concerns are easily reframed as opportunity.
- Unsuspecting public? To contrast crypto with the system not many people's personal financial planning involves bounding correlations between News Sentiment -> VVIX -> VIX -> Derivatives market -> Volatile inflation across all sectors.
- Security concerns? Again, this slaps a price tag, and hence quantifiable risk-level on every computer system security level -- airgapped? networked? It's practically its own insurance, on software that is still centuries away from being closed-form auditable.
- Proof of work? Global governments cooperate to limit, minimize, control power usage. Not such a bad thing in that light, the power system could use more care and engineering as it is.
A Bitcoin dev has a higher threat profile than the average person, if only because it would be assumed he had many bitcoin in self-custody. Many things we do as a 'nobody' would get us compromised if our threat profile were a little higher.
He made it worse by being so public, and hosting his own (publicly known) servers.
As soon as trouble comes to paradise, they wonder why the traditional institutions they dissed all along are not dropping everything and taking up their case (FBI in this case).
Ok, but please don't post repetitive flamewar comments to HN—this kind of thing has been posted a thousand times by now; the only value left in it is indignation, which is the opposite of the curiosity we want here.
Perhaps you don't owe paradise better, but you do owe this community better if you're participating in it.
Btw one more thought: this kind of thing is natural in conversation because repetition has other functions (e.g. it connects people to share and agree on familiar things). So commenters aren't doing anything wrong in principle when they post like this—it's actually HN's rules which are the unnatural thing. But it's clear that we have to have them, given the mandate of the site.
If you hold a large amount of bitcoin your threat model should be way above the average person. It sounds like his infrastructure was specifically targeted. It can be very difficult to protect against targeted attacks from adversaries.
If the level is millions of dollars, that device could be physically stolen, or some aspect of the cryptography/auth scheme could be attacked through a 0-day.
Of course, it's also possible he just wanted something closer to the convenience of a bank account/credit card instead of a pile of cash and failed in the opsec.
Keep a small amount in a hot wallet for convenience and a larger amount (but not too large) in a cold wallet accessed via hardware. But the bulk shouldn’t be accessible without breaking into at least two lock vaults.
No, I was attacking your idea that it's somehow common sense that the best way of storing BTC is by working with multiple banks (!!!) to store various key fragments, by showing a more extreme version.
Of course, if someone did follow your example, and then the government compelled the banks to hand over access to the physical tokens, other people similar to you would come out and say "not your keys, not your bitcoin", or insist on even more byzantine forms of secret protection.
Not to mention, with your proposed scheme, actually using your BTC becomes significantly slower than any international bank transfer.
For me as a consumer, storing money in a bank is far simpler and more convenient and more likely to not get me burned than it is to store various hardware tokens with various banks (having to physically retrieve them when I actually want a purchase).
So, if the only way to secure BTC is to this cold wallet dance, then it's clear BTC is not a usable store of value compared to USD.
Shamir's still requires having the (single) private key present for signing.
Multisig is far superior for Bitcoin security. The keys can remain geographically separate at all times. Each signing operation requires only the partially signed transaction (PSBT) and the other public keys.
Non-issue if you only use the key once, then do a new split each time. Plenty of tooling exists to make this easily in reach with a simple shell script.
Why would you use Shamir's when the Bitcoin protocol has a superior mechanism built in?
SSS is a good solution for other key material, and for storing a paper key to be used for recovery purposes, but it's completely inferior to multisig for normal management of a shared and/or large Bitcoin wallet.
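The Shamir-versus-multisig point made in the comments above, as an added Python example (not code from any commenter or project): k-of-n shares are split from one secret, and recovery, or a fresh re-split after a single use, always brings that one secret back together on the host doing it. The prime modulus (the secp256k1 group order, chosen so any 32-byte key is a field element) and the function names are assumptions of this example.

```python
"""Shamir secret sharing over a prime field.

Shows the property under discussion: however the shares are spread out,
signing (or re-splitting) requires reconstructing the single secret in
one place. Multisig avoids that step; this scheme cannot.
"""
import secrets

# Assumption for this example: use the secp256k1 group order as the field
# prime so every valid 32-byte private key is in range.
PRIME = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n, rand=secrets.randbelow):
    """Split `secret` into n shares (x, y); any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret is not a field element")
    # Degree k-1 polynomial with the secret as the constant term.
    coeffs = [secret] + [rand(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0.

    Caveat: with fewer than k shares this returns a wrong value silently,
    there is no built-in way to detect an insufficient quorum.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def refresh_shares(shares, k, n, rand=secrets.randbelow):
    """Issue a new k-of-n split of the same secret (the 'new split each time' idea).

    Note the secret is fully reconstructed in memory here; that is exactly
    the exposure multisig sidesteps.
    """
    secret = recover_secret(shares)
    return split_secret(secret, k, n, rand)


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)  # stand-in for a private key, constructed
    shares = split_secret(key, 2, 3)
    print("recovered:", recover_secret(shares[:2]) == key)
    print("one share only:", recover_secret(shares[:1]) == key)
```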
I just love the idea of going around creating accounts at multiple different banks for storing of parts of the key.
Then, when you're finally ready to access your funds, creating appointments at all those different banks, driving to them all, and then finding out enough of the keys are completely missing that you now cannot access any of your funds:
A great success for the idea that your BTC is a store of value not dependent on traditional financial infrastructure - now it takes a whole morning and the cooperation of 3 banks for you to get at your money.
"Targeted attack" can mean many things. If you have control over vast sums of hard to trace treasure a determined attacker might just kidnap you and/or your loved ones, and win your cooperation using threats of violence.
Your suggested safety precaution is a sensible start, but far from enough if you have a lot of bitcoin.
It is actually really simple, albeit tedious, to defend your bitcoin against remote state actors. Do keygen and signing with reproducibly built binaries on a reproducibly built minimal OS and never connect it to the internet.
I've never been a fan of crypto (despite holding some for diversification), but I think some tweaks could be made to make it safer and more reasonable without compromising what its proponents like about the system.
Crypto protocols need a way to reverse transactions if the original address as well as some quorum of elected "supervisory overseers" agree [1] to it within a week or so. There should also be a mechanism to move the balance to another address with the original owner and these parties.
This wouldn't allow the "regulators" to themselves steal or coerce, but they could provide assistance in large thefts like this.
[1] Obviously the attacker would vote no, but a single yes from the true account owner would override.
Since nobody has offered a response, I'll offer my 2c. Your suggestion flies in the face of what Bitcoin and other cryptocurrencies that operate according to the same principles were designed to be (trustless, some degree of anonymous) and it would make the system ripe for abuse (more than it already is). What if Luke Jr is lying and he spent those bitcoins in return for goods and services?
Suddenly you have to establish a department that would hear from both parties which introduces the problem of identifying the other party and getting in contact with them, then they would have to evaluate the evidence and make some kind of judgement. Paypal attempts to do what you're describing and it's constantly abused by both buyers and sellers alike.
Bitcoin might not be perfect, it might not even be fit for most purposes (highly subjective), but scrapping the idea outright would be a much better outcome than bastardizing it with "trusted" middlemen to the point where it's not fit for any purpose at all.
I think progress could be made in UX design, by pushing users towards using hardware wallets and other areas, but changing the protocol such that trustless transactions now require trust is not an appropriate solution. It's the core of what cryptocurrency is as a concept.
Thanks for the response! I appreciate it much more than the downvotes, and it gives me a position to consider.
I still find myself in disagreement - there need to be safeguards at the protocol level, and not just for ordinary people.
Escrow and restitution could be built as a feature where trustless and anonymous transactions can still take place. Taking into account my previous post, imagine this setup:
There are now two types of wallets/addresses. One type functions exactly as Bitcoin does today. The other type, however, automatically subjects transactions to temporally-gated restitution systems and allows you to recover funds if a side channel refund request is made.
Funds in the original Bitcoin wallet type experience transactions that are instant and non-refundable, and you can keep "hot" funds here. The "cold" wallet type requires more time to pass before the funds "settle". It can function as your bank and offer lots of additional security.
It'd be easy to make the wallet type an identifiable part of the address so that all parties know what types of transactions they're involved in.
This extension to the protocol could be 100% opt-in.
It's already part of Bitcoin: You'd simply assign your coins to a 2 of 2 multisignature with your escrow service. It's implemented in practice too, in various forms including ones with timeouts in case the escrow service goes down or tries to extort you itself.
In an attempt to make this a more productive comment, can you elaborate on what is an "honest way" to make a living in a way that is not "environmentally destructive?" I assume the "other people with 8 kids" are not Amish people selling produce at a farmer's market. Someone providing for 8 kids would likely have a car (maybe two), and go to a job in a building that uses electricity, right?
What about your leisure time? Xbox/Playstation? TV? PC/smartphone? Or are you somehow posting your comment via smoke signal or semaphore?
No big issue because surely he must have 96M more. No one would ever store all of his wealth in one single asset - and especially if it's a very risky asset that isn't backed by any real value. Or would he?
https://bitcoinhackers.org/@lukedashjr his mastodon feed indicates that one of his servers was physically compromised multiple times. Seems like he should have been more paranoid about securing his coins with that knowledge?
Speaking of paranoid, that link you've posted, isn't that a link to a server that's known to be compromised, and also an apparent watering hole for crypto wallet holders? Am I unreasonable in thinking that's a very scary link?
edit: Mastodon doesn't work without JavaScript, holy hell. We truly are living in a dystopia. Thankfully you can still access his profile from another trusted instance such as mastodon.social at https://mastodon.social/@lukedashjr@bitcoinhackers.org
I always have JavaScript disabled by default (uMatrix policy), but (0) there's many other attack vectors, to my layman understanding, and (1) at any rate that one's a Mastodon instance and those are blank pages without JS.
I'm electing to add new URL regexps to my uBlock filters, to reduce the risk of accidentally clicking a link similar to this. I don't think I want to visit any web domain that caters to people who hold crypto wallets.
Interesting, you might need to do it yourself through the UI then, just copy everything after the slash and paste into the search of any trusted Mastodon instance and it should load the profile through there. Not sure why the URL redirects to the other instance.
And even after being hacked once due to !!! physical access to the servers !!! he was still looking for an "accessible" dedicated server instead of a trusted service or self hosting somewhere he could keep safe. He had more than 200 bitcoins. People are weird.
Assuming this physical access claim is truthful (and I have doubts), I would feel at this point it's budget letting him down. If your threat model includes "targeted attacks from people with physical access", it's time to run a VM on AWS or Azure and use the tooling they make available to secure it further. If you want tonnes of resourcing at a quite low budget, there's only a certain amount of "calling out" the group that supplied it that's reasonable.
I believe most of these "physical attacks" are datacenter support teams being socially engineered and not state-level actors. They hook up a USB rescue drive to "help" you back into your server. Using full disk encryption or locking down the BIOS can thwart such attacks.
You know as much as I'm generally unhappy with what MS is doing with forcing TPMs on Windows 11, I have to say Bitlocker on Windows is basically single click and a perfect solution, and I'm a bit disappointed in the scale of every comparable Linux guide I just Googled up. I can see why the average company doesn't have it deployed.
Not necessarily SE, there's been tons of 0days exploited against stuff like WHMCS, Hostbill, Kayako and many other systems used by hosting companies to manage this kind of thing.
Colocation and epoxy in any relevant ports is the obvious way to avoid this.
Sure, perhaps, but parent’s point still stands that AWS techs are not plugging USB drives into servers, because their threat-model already includes state-sponsored attacks.
Probably bad security practices. Maybe he has accessed a compromised server over ssh and used agent forwarding or something. Anyhow, looks like a pretty bizarre profile...
> So... Any trustworthy companies offering affordable dedicated servers?
>
> Currently paying $55/mo for:
So if you offer him some crappy free dedi appearing to be in an IP block of a reputable company all you have to do is wait a bit and presumably he'll upload his wallet.dat for you!
Just a few days ago he popped into friend's Twitter thread about similarities between Freenode and Twitter situations, and announced that it was Libera Chat that conducted a hostile takeover against Freenode.
Well, who would love to have a decentralised payment system that will inevitably attract criminal activity, but also makes every transaction public information?
Yup, there was a bug that allowed the attacker to create an unlimited number of Bitcoin, it was fixed, but there seems to be this myth that SN provided complete bug free working code from the outset.
Yes, but implementation errors-- not fundamental flaws in the theory or underlying mathematics.
It's not a statement about such things being impossible, just unlikely to come from a single individual working in complete isolation up until the bitcoin whitepaper release.
Additionally this alone would be merely peculiar on its own, coupled with the lack of retrospective investigations uncovering -anything at all- significant about the person moves it to suspicious. Adding in the subject matter of cryptography + pseudo anonymous money and it strains credulity not to consider
You're placing way more value on this than makes sense: Bitcoin makes use of good primitives, but no better than any expert familiar with the SoTA in the late 2000s would have selected for a greenfield project.
Maybe the most unusual primitive selection in Bitcoin is secp256k1 for ECDSA, instead of one of the more common NIST curves. But even that is understandable, given that Nakamoto was active in the cypherpunk community and concern around the constants used in the NIST curves was a common discussion item at the time.
As far as I know, there's no concrete evidence that the NSA has compromised the security of the NIST curves. That would be weird for them to do, since they use those curves internally to encrypt data classified at Secret and higher.
More specifically, a scheme to enable transferring funds in/out of foreign countries to securely bribe informants and supply agents with money.
It's the logical companion to Tor, which was created by the U.S. government to facilitate secure information transfer in/out of foreign countries. But when they created Bitcoin, they decided to make it anonymous after the mistake of doing Tor in the open.
Yes, the ledger is public, but good luck identifying which transfers are bribes paid to informants within your government. This is same problem any foreign government would have.
This is ridiculously ahistorical: the early Bitcoin releases had all kinds of bugs in them[1], and there was a reasonably large enthusiast community looking at it for years before widespread adoption.
The US government doesn't need to burn coal to fund the clandestine services. They just put it in a budget line item whose contents are classified.
Sure; I'm curious which intelligence organization you (or the GP) think is most likely, then.
Keep in mind that (1) most intelligence organizations and clandestine services operate with even less oversight than the US's, and (2) all available evidence points to Satoshi Nakamoto being an L1 English speaker who was mostly active in Western European timezones.
This results in logical regress: any positive evidence that Nakamoto was a native-English speaking Westerner can be spun into negative evidence of an exceptionally advanced adversary.
In other words, it's "that's just what they want you to think!" logic. And that can be true, but it's not exceptionally convincing.
I find it no more convincing than the whole notion of Bitcoin being some kind of covert CIA (Mossad, FSB, ...) money laundering operation in the first place. If we're willing to go there in the first place, then we should admit that none of the obvious cues are likely to be truthful.
Oh, they work. They're not for detecting lies, which as you are apparently aware they can't. But they're great at intimidating people into confessing and that's why the authorities use them.
Assuming you're right and Satoshi did lose their private key, one thing I find implausible is assuming embarrassment. Satoshi was, for what we know, a pseudonym that has held really well (we still don't know their real name).
Personally, I'm embarrassed when somebody can accurately pin a weakness to my character that I feel vulnerable about. For example: Satoshi could have been playing a persona that they aren't in real life, similar to how an actor plays a role in a movie. In that case, if e.g. someone criticizes a personality trait of the movie role, the actor won't personally feel embarrassed since the critique doesn't fall back to their own personality. I believe the same logic is transferable to the case of Satoshi, where even if they lost the key, they wouldn't truly have to feel embarrassed considering that they've acted the online personality from the get go.
Google 'satoshi dorian nakamoto newsweek' and you get to know him. Unless the journalist made the whole thing up or at least a big part of the article is a lie.
After reading that, you start asking yourself very serious questions about the whole crypto charade.
I think the consensus was that he wasn't the guy. The guy didn't have relevant experience and didn't act like the guy, plus it would be very strange to use your real name but then not expect anything to come of it.
According to the article on Newsweek, he did have. He had experience as a US army contractor (if I remember well, the Tor network was itself the creation of 2 ex-US army contractors...). And he worked extensively for the financial sector. Both experiences as a computer engineer.
> it would be very strange to use your real name...
Vanity is as old a sin as the six other deadly sins.
That being said, I read reactions by other media outlets ('coin something' websites are not media outlets) and the consensus was the journalist should have left the guy alone and accused him of doxing, which is kind of a funny stance considering the market cap of Bitcoin was already at that time above $100 billion. I mean, what kind of serious investor would put any money in a $100 billion market cap company created by an anonymous guy on the web. In fact it would be impossible because the SEC wouldn't allow the company to be created in the first place.
That said, the word 'consensus' has absolutely no value in case of crypto, because of the shitload of money which has been thrown at paid shills, influencers, financial newspapers, media outlets and celebrities of all kind.
As I said, either the journalist made the whole thing up and should have been fired on the spot, or the whole Bitcoin charade is nothing of the kind we have been told.
Because it's a useless problem to solve. The affected person going "FBI help me please" is the definition of that 'Bike Fall' meme. The answer to these situations is, use a currency where you can call someone that can roll your transaction back.
That’s one answer. But the question also applies to non-cryptocurrency uses of cryptography where you need to guard your private keys (like identity) — ie how to best enable people to use their keys while keeping them safe and also allowing for some form of recovery.
You're right, I've got it! We'll store our money in a savings account, with transfer safeguards, where someone can't irreversibly yeet my life savings into the abyss.
That's the point. If you're a criminal, you don't get to keep the proceeds of your crime. In this case, people were blocking streets and creating nonstop noise disturbances in order to get donations from foreigners who wanted to shut down the city.
Or do you think I should be able to pay a trucker to block your driveway and honk their horn all night? If so, the way to solve it isn't to let anybody get money for any illegal activity (which is only possible on Bitcoin because regulation hasn't caught up, not for any technical reason) but to make it legal for me to pay the trucker to block your driveway and honk their horn.
That's a big "if", and it's operating under the assumption that it was objectively correct for the Prime Minister of a civilized nation which claims to be a democracy to invoke emergency powers and declare a group of protestors to be criminals, bypassing due process that a civilized nation which claims to be a democracy should be using to reach that conclusion.
Is that the kind of democracy you'd like to live in, where any group of people can suddenly be declared criminals without due process?
> Is that the kind of democracy you'd like to live in, where any group of people can suddenly be declared criminals without due process?
No. The solution is to use democracy to require due process.
Bitcoin remains the wrong solution for both the reasons I gave in my GP comment. It (1) doesn't get around financial regulations that can freeze access to real money and (2) even if it could, allowing funding of any type of crime is the wrong solution.
Finally, even in this case, the truckers were given access to their bank accounts right after they left because their money can't be seized without due process, which won't happen for this guy whose Bitcoins were stolen. https://www.nationalreview.com/news/canada-unlocks-vast-majo...
Because the problem has more or less already been solved - just use a normal bank account like everyone else.
I don't think too many people are concerned with solving the "problem" of facilitating money laundering and other crimes.
Ok in fairness there are problems with traditional bank accounts (e.g. bank transfers have a hilariously bad UX, credit card fees are way too high, people without addresses have difficulty getting them, etc.) But fixing those problems is a political issue not a technical one. People on HN can't really do anything about it.
Besides politicians are working on fixing those problems (slowly). E.g. the EU is capping credit/debit card transaction fees. There's PSD2, central bank digital currencies, etc. etc.
Context now that the editorialised title has changed, this is a core Bitcoin developer.
These things happen every day, but happening to a core developer (if confirmed!) who has a deep understanding of the systems and security indicates just how fragile crypto can be (in my opinion)
This completely talks past what the person you're replying to is saying: it doesn't matter if "hardware based security is [...] the only way," because its conspicuous absence indicates that even the experts fail to meet the onerous requirements placed on them by cryptocurrency.
Yeah, this only highlights how ridiculous the requirements are.
The system needs to be tolerant of failures and faults of multiple natures. And cryptocurrency is very intolerant of many types of failures and faults.
I would assume that if you are a major player in the bitcoin world, you should do complicated things to secure yourself.
It's sort of like if someone wins the lottery, and tells the world they are putting the money under their mattress in their home. It's not unreasonable to say that such a person faces more risk than an ordinary person and should install an alarm system or something.
You would assume. But, empirically, users don't - even users who should know better. Users don't. If your model doesn't take that into account, your model is broken.
The Bitcoin model is broken. It very intentionally got rid of all the institutions that regulate and control finance, and in doing so, it got rid of everything that protects regular people from the wolves. The regular people aren't up to the task of protecting themselves, and they regularly show it. The model is broken.
So to be clear, I agree that bitcoin is a shitshow, haven for fraudsters and generally sucks.
But to the specific point, there is no model that fully takes this into account. There is no model that puts risk to zero. There will always be adversaries that can attack you if the payoff is large enough. There will always be people with increased risk exposure who have to take special precautions because the effort/reward calculus makes sense for malicious people to attack them.
The reason bitcoin sucks is not because its model includes such situations; it sucks because the bar for someone to be the type of person who has to care about such things in bitcoin is so much lower than in traditional banking.
> if the experts can’t secure their accounts, what hope does anyone else have?
This is my opinion of the entire software industry.
Chrome exploits, iPhone hacks, etc. These are nearly trillion dollar companies. If they can't do it then nobody can. Something is fundamentally broken.
Something is fundamentally broken. "We can write perfect software to prevent all attacks" is fundamentally broken, because we have empirically proven that we can't. (The previous model, "we can trust people", is even more broken. But maybe it's the same breakage? "If this packet that came over the internet passes all of our filters of known bad things, then we should go ahead and process it.")
People have touted capability-based security, but I don't think that's the answer, at least for consumer devices (phones and not-administered-by-IT computers). Users will give an app whatever permissions it asks for in order for it to shut up and start running, and those permissions will be used to gut their security. It may limit the damage somewhat, depending on how disciplined the app and the user are, but it will only reduce the damage.
We need a completely different answer. I don't know what it is.
Qubes, as great as it may be, is still another abstraction on top of an insecure base. The fact that things like spectre and meltdown are even possible is worrying. How does Qubes solve this?
As another poster said, we need some other computing paradigm, but I don't know what that would look like. All I know is something is broken if these behemoth companies with limitless resources still get it wrong.
Qubes is not just an abstraction. Its isolation makes it possible to overcome the problem of fundamentally insecure software. For example, my passwords are stored in an offline VM (where I don't run any apps) and my random internet browsing occurs in a disposable VM (which is reset every time).
Yes, Qubes does not solve problems like Spectre and Meltdown. Yes, you must trust your hardware to use it. If you are looking to solve such a problem, then you might be interested in a stateless laptop: https://blog.invisiblethings.org/papers/2015/state_harmful.p....
Apart from that, I believe the best computing paradigm is free software and free hardware, but it does not seem too widespread now, unfortunately. This would be the actual solution. The "behemoth companies" are not trying to solve computer security. They are trying to get as much profit as possible, and that goes against the security of the users. This is why they are not supporting free software.
My current "good enough" solutions are disabled and neutralized ME in a laptop and Librem 5 phone.
So, rather than the consumer being responsible for their actions you support consumers engaging in whatever risky behavior they like as long as someone else is there to protect them or give them a do-over?
Well the "trust me bro" marketers (and developers) have told them this is all good. Is it responsible, idk, probably not.
Then again, the point the GP seems to make is that this kind of platform should not be adopted for anything important, let the gamblers gamble if they want but don't try to sell it to the general public.
> So, rather than the consumer being responsible for their actions you support consumers engaging in whatever risky behavior they like as long as someone else is there to protect them or give them a do-over?
Yes. Every time you make a foolproof system the world brings us a bigger fool. I'd rather a few irresponsible people get a do-over than otherwise responsible people getting rekt like this.
The consumer in this case needs to be a world-class security expert (as "just" being good enough to be a core bitcoin developer is clearly not enough) to just not lose money.
That's unreasonable for something that's supposed to be used as money.
There is a big middle ground between "cover for users engaging in whatever risky behavior they like" and "cover for nothing whatsoever".
In this case, the problem is expecting users to be perfectly diligent, and either discard all convenience or all security.
Cryptocurrency continues to be a case study demonstrating why so many of the systems it's trying (unsuccessfully) to replace operate in ways that it doesn't.
Experts are also bigger targets and face more risks than ordinary people.
Like in the non-crypto world, banks are the experts on storing money securely, but people still try and rob banks despite ordinary people being much easier targets.
You won’t trust highly regulated banks, but you will trust random strangers on the internet whom you know want your wallet and all the coins in it, without any guarantees whatsoever that any security is in place. You only need to trust yourself, which is already 8-10 orders of magnitude less trustworthy than a bank, AT BEST.
Even in the rare event that an established bank does go under, and it holds some of your money when it does, FDIC insurance will get you at least some of that money back. Cryptocurrency has zero recourse if you are harmed.
I laugh when cryptobros and NFTbros lose money, because anyone with any critical thinking skills whatsoever saw these things as shams at the outset, and we tried to speak up, but none of those who have lost money even considered listening at the time.
It is hilarious to me when these things happen. I actually, literally, laugh out loud, without a single hint of remorse.
> Exactly! if the experts can’t secure their accounts, what hope does anyone else have?
A lot of hope, actually. If he followed the simple and oft-repeated advice of using a cold wallet and/or offline computer, this attack would have been mitigated. Hell, if some of the comments/speculation in this thread is true (i.e. he kept his wallet.dat on a server connected to the internet), then this hack wouldn't have affected the user with the most basic setup of a software wallet running on a computer behind a NAT firewall.
If it was that simple and easy, why wasn't he doing it? It's simply a ridiculous failure mode that you can lose your entire life savings with no recourse if you make a silly mistake. What a dreadful idea to foist upon ordinary people as the future of finance. We've never accepted this before and let's never accept this again.
Every random walk down the timeline results in 100% of coins lost or stolen.
[edit] You can only blame the user so many times before you have to really look inward haha.
Anyone with a direct or indirect stake in one of the few companies silly enough to throw it on their balance sheet. Since TSLA made the S&P that's basically everyone with a market investment, an IRA, a 401(k), a pension. CPPIB invested in FTX. CDPQ in Celsius. Everyone in El Salvador. It's a bit of a cancer.
Anyways, those doing the foisting also include all the shills, the laser-eyed, the influencers. [edit] It's not enough to say because they weren't forced at gunpoint, it's not coercive or immoral. We don't accept that behavior from people shilling penny stocks. And of course Salvadoran shopowners were in fact coerced with force.
>Anyone with a direct or indirect stake in one of the few companies silly enough to throw it on their balance sheet
Sure, there are institutional investors holding crypto, but how is this related to the current discussion of securing crypto? They're not exactly keeping their crypto holdings in a software wallet connected to the internet. They typically outsource that to companies that specialize in crypto custody, which presumably have better security practices than the OP.
Cryptos are 2500 years of financial frauds, bubbles, greed and insanity concentrated in 13 years of existence.
It preys on financially illiterate people who don't know better because they have been bombarded without any pause by an endless list of bullshit as soon as they put the word 'investment', 'money', 'market' or whatever in any search box in the world, be that the one from your local bookstore, online newspapers, youtube, google, reddit and on and on and on...
And if you tell me the fractional banking system is a ponzi scheme then you either don't have a clue what it is or you pretend not to.
It doesn't matter which companies, individuals or whatever .org or 'coin something' websites promote them or make a business of them because they're all fucking hucksters at worst or paid shills at best.
Talking 'security' about investment scams is like talking personal safety in a '101 suicide' book.
>If it was that simple and easy, why wasn't he doing it? It's simply a ridiculous failure mode that you can lose your entire life savings with no recourse if you make a silly mistake.
Except in this case, it seems like he went out of his way to make it less secure, by putting his wallet on his server. This isn't a case of someone losing his mattress savings in a random home burglary, this is a case of someone leaving a duffle bag of cash in the seat of a car.
At the risk of murdering this dead horse there's a reason nobody positions duffle bags of cash as the future of finance no matter where located. Precisely because they can be stolen without recourse. Had that money been safely in a bank account they'd still have it in both these examples.
I mean this guy is already demanding the FBI get involved when the FBI's position is you should just put it in a bank account and not need to call us in the first place.
>At the risk of murdering this dead horse there's a reason nobody positions duffle bags of cash as the future of finance no matter where located
I think you're conflating "someone who is defending crypto in this particular instance" with "someone who thinks bitcoin will take over the world".
>I mean this guy is already demanding the FBI get involved when the FBI's position is you should just put it in a bank account and not need to call us in the first place.
Yeah, I think we're in agreement here that he was acting like an idiot.
Tell that to everyone in El Salvador and everyone exposed passively through the silliness of Elon and Jack, or OTPP or CDPQ. It's strictly false to say nobody is forced to use it - they are. Almost 7M of them in El Salvador. Their legal tender law isn't like the US, acceptance is compulsory and non-acceptance is punishable by prison.
But even if that weren't true, that doesn't mean it's a good idea to use it or advocate for it or pretend it doesn't have these glaring flaws as folks march onward toward the abyss and take down the normies with them.
It's everyone's responsibility to call out bad ideas that harm us all. Especially when as soon as anything goes wrong, the afflicted yell "HELP! POLICE!!" just like our tweeter down-thread. That's a draw on public resources which puts this discourse squarely in the public interest. Not to mention spending like 0.6% of the world's electricity on coal-powered lotto ticket scratcher machines undergirding the whole charade.
The worst part is when things start to go wrong all the talking heads jump in and start saying "nobody could have seen this coming!!" and "crypto deserves better critics!!" It has fantastic critics - you just have to listen. Critics aren't supposed to say things you want to hear.
There are posts about OP’s server being hacked, but there’s zero evidence that they put any leaked secret key on their server. Someone more connected to OP suggests that it might be backdoored desktop software.[1]
Your average user will install whatever crap they find on the Internet. Hell, a friend of mine (in their 20s, not a grandma) recently installed god knows what when “Windows support” called. And it’s not the first time a friend fell for this kind of scam.
He left his keys on an insecure server exposed to the internet. This is the equivalent of "LOCKSMITH LEAVES KEYS IN LETTERBOX EVERY DAY AND THEY GET STOLEN, HOW CAN U TRUST PEOPLE 2 LOCK HOME?????"
Experts make mistakes all the time, fail to see hidden risks, like the Challenger explosion. This will never see mainstream adoption at this rate. If the hacker is smarter, being smart is not good enough.
Experts did make mistakes for the Challenger explosion, but they did much better than the average person. Put 1000 people at complete random into a room and say design and build a rocket, I suspect they won't even get to the build phase after several years.
When it comes to something everyone should be able to do, an expert making a mistake is a bad omen for the rest of us.
The vast majority of people do not get hacked, because they are not worth being hacked. But being a big target means hackers will devote more resources to getting your coins.
You underestimate the power of the Dunning-Kruger effect.
That 1000 random people will build it, get it on the launchpad, and press the button. That's not the problem. It's getting to orbit (and back) that would be highly unlikely.
The only mistake experts made in the Challenger explosion was failing to draw a pretty enough picture to convince barely numerate management to stop the launch.
Right. And IIRC, at least one engineer knew the O-ring material was not proper during the build and design phase. And his protestations were ignored even then, long before there was any kind of launch. I could be misremembering though.
Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community. Edit out swipes.
When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
While you may be used to making swipes such as "Are you ESL?" on other platforms, such behavior is really unwelcome here.
The salty posts about his hosting provider are confusing to me. He is paying $55/month and is expecting aid in forensics and audits? Is that normal for a low cost provider?
Edit: Also it sounds like he didn't immediately shut down the server after the first hack? That is completely insane. I understand you want to investigate but you are leaving yourself wide open leaving the system running. It's been compromised. End of story.
To be fair, even if he was only paying $5 a month, if there was a tiny chance that the compromise was done by an employee, any reasonable provider would be all over it.
He had no proof aside from "I have found no proof therefore the hosting provider must've done it".
Then in his arrogance he thought he was expert enough to "clean" the compromised server even when every security guy will tell you to take the data out and burn it to the ground if there is even a suspicion of compromise.
1. Was he storing important secrets on a random server somewhere? A PGP key? Why?
2. Before this went down, he noticed someone broke in TWICE and he didn't shut down the server? What was the rationale? Security wise, is there something preventing you from downloading what is important to you and wiping the whole thing?
1) he thinks that "dedicated servers" are in any way secure
2) discovers malicious intrusion, but doesn't burn down the whole server and re-key everything
3) is supposed to be knowledgeable enough to be a core Bitcoin developer but stays on a "dedicated server" after finding malicious intrusion.
This is highly suspect. Either you have stuff that's not worth much, and therefore you don't pay to physically colocate your own server, or at very least you don't pay enough to get a server from a smaller company where you're dealing with real humans with names and reputations... Or you're storing things that really matter, have a large value, or likely both, and you'd pay extra to get better things.
What kind of hubris would lead to continuing to use a compromised server, particularly when the compromise appears to have come from the hosting provider?
Perhaps we need to wait for more information, but from what I've seen so far, there's something not right here.
> What kind of hubris would lead to continuing to use a compromised server, particularly when the compromise appears to have come from the hosting provider?
"Appears to" to the incompetent victim of the attack: "I dunno how it happened therefore it must be the hosting provider".
He found no avenue of attack, decided he must be a perfect sysadmin so it couldn't be, say, just a plain 0-day or the fact that he didn't upgrade some software with a security problem, and went on blaming the hosting provider.
... then continued to use not only the same provider but the same compromised server for months.
> These things happen every day, but happening to a core developer (if confirmed!) who has a deep understanding of the systems and security indicates just how fragile crypto can be (in my opinion)
Because no one can create secure software yet, Bitcoin isn't 100% secure.
This has nothing to do with the security of Bitcoin. No one has ever compromised the Bitcoin protocol.
This is a case of someone expecting a single machine connected to the internet that had been compromised in the past, to not be compromised again.
Very little software has rigorous security review, even the Linux kernel. Linux 0-days sell for $50-100k. If you are storing anything more valuable than that on an internet-connected Linux machine, it will eventually be stolen.
Use an offline machine or a hardware wallet for anything that matters to you.
Lol… “finance” is a social construct. People are the protocol. The Bitcoin protocol is subject to a vast number of people related hacks. Other financial markets aren’t perfect, but at least they have mechanisms and acknowledge reality.
He also lost a lot of Bitcoins on the Mt Gox hack b/c he thought it would be safe. He's just one person and I wouldn't draw any big conclusions about it. (One person who has been a massive target for something like this for many years, I would add)
>These things happen every day, but happening to a core developer (if confirmed!) who has a deep understanding of the systems and security indicates just how fragile crypto can be (in my opinion)
Based on the other comments in this thread it looks like he didn't bother using a hardware wallet (which is literally something that's recommended on bitcoin.org[1]), and kept his wallet.dat on a server exposed to the internet. You're trying to paint a story of "well if a bitcoin core developer can't secure his coins, then who can!?!?", but in this case it looks like he was being an idiot. You can lead a horse to water, but you can't make him drink.
So you’re saying that to use crypto properly, I have to secure a physical object that grants irrevocable ownership of my wealth? That sounds bad.
Is there a way I can get my crypto held by an institution with SIPC insurance, the way I hold stocks at a brokerage, so I can outsource this issue to someone else who is backed by a government guarantee? (I obviously don’t expect them to guarantee the value of the crypto, just that the broker doesn’t lose it).
> So you’re saying that to use crypto properly, I have to secure a physical object that grants irrevocable ownership of my wealth? That sounds bad.
Yeah, that's how most things work in the physical world. If you want to secure a widget, then you need to "secure a physical object that grants irrevocable ownership" of it. Cryptocurrencies improve on this slightly by allowing you to set up multisignature schemes, so you can get redundancy in the event of a loss.
>Is there a way I can get my crypto held by an institution with SIPC insurance, the way I hold stocks at a brokerage, so I can outsource this issue to someone else who is backed by a government guarantee?
If you want government guarantees, crypto might not be right for you.
> Yeah, that's how most things work in the physical world. If you want to secure a widget, then you need to "secure a physical object that grants irrevocable ownership" of it.
You can’t steal my house by obtaining the deed. You can’t steal my stock by obtaining the stock certificates. That’s not how it works. The vast majority of wealth in developed countries doesn’t rely on physical security to maintain ownership. We’ve collectively outsourced that function to the government and other institutions, so we don’t have to individually hire bodyguards to prevent criminals from taking possession of our homes and stealing our assets.
Most people only hold a relatively small amount of wealth in forms that can be physically stolen (e.g. petty cash, electronics). This means that you only need to defend yourself against a $1000 crime (stealing your TV), which is a lot easier than defending against a $1M crime (stealing your house or 401k).
If crypto requires holding my wealth in a hardware wallet that can be stolen, that means I’m only going to be willing to invest the amount of wealth I would spend on a TV, not the kind of wealth I am going to allocate to stocks or bonds.
Granted, crypto has utility for people who can’t use the government-backed institutions, like criminals. And in some countries where the government will steal your money, it has broader appeal. I won’t argue with that.
When this stuff happens, you can engage in a legal process that has the power to get your property back. The process to recover from this can be slow and difficult. I acknowledge that this is a failure of the institutions involved, which can and should be fixed. However, the existence of these avenues for recovery acts as a strong deterrent that limits the frequency of such crimes. That’s why I am slightly worried about the local gang stealing my TV (and my safe full of Krugerrands) but not at all worried about them stealing my house.
When your crypto is stolen, the theft cannot be reversed, by design.
The same legal processes that can be used to recover funds stolen from your bank account or stocks stolen from your brokerage account can be used to recover cryptocurrency.
>When your crypto is stolen, the theft cannot be reversed, by design.
If someone sends you a phishing link, gets your info, logs into your online banking and sends all of your money overseas, that theft generally can't be reversed either. (You'll find that the CFPB recently updated their Reg E interpretation on this, but that interpretation isn't binding and directly contradicts decades of practice)
If you're a business and get hit by banking malware, you're similarly fucked.
> The same legal processes that can be used to recover funds stolen from your bank account or stocks stolen from your brokerage account can be used to recover cryptocurrency.
If that is the case, then doesn't that destroy (at least) one of the basic principles of cryptocurrency that people constantly harp on?
Not for Bitcoin, no. For other more advanced currencies (everything that supports smart contracts) rules like these can be coded into the wallet.
You can have a rule that allows spending <$1k at known places, but anything over that has to have approval from 3/5 board members, or your manager etc. Any spending rule can be coded like this.
A house? Maybe. Hasn't worked out for the guy in the BBC story so far.
Brokerage account hacked, stocks sold and money wired away? Your chances of recovery are extremely slim. There's pretty much no recourse once that money has passed through a few hops.
Can you go into more detail about how multisig helps? I assume one of the signatures is my hardware wallet. Who holds the other signature? Do they have SIPC insurance?
I briefly touched on it above, but it's basically that you can mint as many keys as you like and require quorum to transact.
2/3 and 3/5 are common.
This way it's hard for a thief to find enough keys to steal your BTC, and you get additional backups in case something happens to one or more of your keys.
If you're keeping all your savings in crypto, I don't think a fire is your biggest risk. /s
In all seriousness, I completely agree. I'm not in crypto and this is part of the reason. There would be a huge influx of people like me if there weren't such a risk of theft (by individuals or platforms).
Multisig your life savings and back up the seed phrases on stainless steel washers. You can have as many signatures as you like and require whatever quorum you like too.
Maybe put some in Gold, Silver and Real Estate too.
Obviously you should never put everything in one basket.
Stocks are to me a different class of investment from life savings type of stuff.
> To clarify, the idea is I need to keep my life savings in a fire-proof, theft-proof safe?
But yeah, you should definitely have a _portion_ of your life savings in a well hidden quality safe.
That said, you probably only need to put one key in a safe. Hide the other and give the third to a friend or custodial service like unchained capital.
For day to day use, transfer what you need to and from cold storage to hot wallets.
The more wealth you have the more security you need, and you should count governmental and institutional actors in your decisions or you will ignore threats from counterparty risk, inflation, confiscation, and taxation.
This thread is actually about security and custody, not valuation. Those are different issues, but we can talk about valuation.
My crypto has lost more value than any of my other investments. Since crypto (unlike stocks and bonds) doesn’t entitle me to any cash flows, and (unlike dollars) doesn’t allow me to repay any debts, why shouldn’t the value keep dropping?
Let's say I have a 3-of-5 multisig. That means there are 5 hardware wallets. I put a hardware wallet in my safe in my house, one in a bank deposit box, and 3 with 3 friends or relatives.
Now a thief needs to steal 3 of these to steal the coins. That's going to be hard for a thief to do. If a fire or natural disaster happens, it needs to destroy 3 wallets before I lose my money.
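The comment above (and the earlier one about coding spending rules into a wallet) describes an M-of-N quorum as a trade between theft resistance and loss tolerance. The block below is an added illustration written for this page, not code from any commenter or wallet project: it models a constructed 3-of-5 policy with an allowlisted small-spend exception, checks whether a given set of approvals satisfies the quorum, and computes the theft and loss probabilities under the assumption (labelled as such) that each key is compromised or lost independently. Holder names, the per-key probabilities and the destinations are all made up for the example.

```python
from dataclasses import dataclass
from math import comb


@dataclass(frozen=True)
class MultisigPolicy:
    """An M-of-N quorum over named key holders (constructed example).

    threshold          - signatures required to move funds (M)
    holders            - the N key holders / storage locations
    small_spend_limit  - amounts at or below this need no quorum if the
                         destination is on the allowlist (the "spend <$1k
                         at known places" rule from the thread)
    known_destinations - allowlisted destinations for small spends
    """
    threshold: int
    holders: frozenset
    small_spend_limit: float = 0.0
    known_destinations: frozenset = frozenset()

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.holders):
            raise ValueError("threshold must be between 1 and the number of holders")

    def approve(self, amount, destination, approvals):
        """True if the spend is authorised under this policy."""
        if amount <= self.small_spend_limit and destination in self.known_destinations:
            return True
        # Approvals from keys that are not part of the policy are ignored,
        # so a forged or unknown signature never counts toward the quorum.
        valid = set(approvals) & self.holders
        return len(valid) >= self.threshold

    @property
    def keys_needed_by_thief(self):
        """A thief must obtain at least M keys."""
        return self.threshold

    @property
    def keys_that_can_be_lost(self):
        """Up to N-M keys may be destroyed and the funds remain spendable."""
        return len(self.holders) - self.threshold


def _binomial_tail(n, p, k_min):
    """P(at least k_min successes in n independent trials with probability p)."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(k_min, n + 1))


def theft_probability(policy, p_compromise):
    """P(a thief reaches the quorum), assuming each key is compromised
    independently with probability p_compromise (modelling assumption)."""
    return _binomial_tail(len(policy.holders), p_compromise, policy.threshold)


def loss_probability(policy, q_lost):
    """P(too few keys survive to reach the quorum), assuming each key is
    lost independently with probability q_lost (modelling assumption)."""
    n = len(policy.holders)
    return _binomial_tail(n, q_lost, n - policy.threshold + 1)


# Constructed example matching the 3-of-5 layout in the comment above.
THREE_OF_FIVE = MultisigPolicy(
    threshold=3,
    holders=frozenset({"home_safe", "bank_box", "friend_a", "friend_b", "friend_c"}),
    small_spend_limit=1000,
    known_destinations=frozenset({"grocer"}),
)
SINGLE_KEY = MultisigPolicy(threshold=1, holders=frozenset({"hot_wallet"}))

if __name__ == "__main__":
    print("quorum met:", THREE_OF_FIVE.approve(2000, "exchange", {"home_safe", "bank_box", "friend_a"}))
    print("two keys only:", THREE_OF_FIVE.approve(2000, "exchange", {"home_safe", "bank_box"}))
    for name, pol in (("single key", SINGLE_KEY), ("3-of-5", THREE_OF_FIVE)):
        print(f"{name}: theft={theft_probability(pol, 0.01):.2e} loss={loss_probability(pol, 0.05):.2e}")
```

The independence assumption is the weak point, exactly as the follow-up comments about moving house or a relative in trouble point out: keys stored in correlated places (two in the same house, three with people who know each other) fail together, and the binomial numbers will understate the real risk.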
Yes, it's a low risk. Perfectly executed this is maybe a risk of one in ten million. So on a worldwide scale this means that it would happen every day, to someone.
But it won't be perfectly executed. Let's say you need to do a transaction while you're moving house. And maybe one of your relatives is in financial trouble.
You (probably) don't have the means to do what banks do, and hire an armored transport.
With collaborative custody companies like unchained, this is actually not as difficult to do right as you're making it seem.
Further, unlike an armored truck full of cash, security by obscurity is really easy here. That and for a short duration (say moving houses as you suggest) one could wipe a cold wallet clean and just remember a seed phrase. Personally, I don't have enough wealth to make this sort of maneuver at all worth it, but it's completely do-able.
I was once running a service that had redundant ISPs. None of them had had an outage in years. Then we needed to do a change, the first one ever that required disconnecting one of the ISPs. In the 4h window of our planned job the remaining ISP had its first outage that affected us. We had to apologize to many big name customers that depended on us.
Since then I don't believe in short SPOFs.
You could get hit in the head by a robber on your way moving your furniture, because the robber thinks you may be hauling high value stuff, and lose the passphrase. If you back it up on paper then the unguarded house may be broken into, and they steal the bag that had the paper passphrase.
Extremely unlikely that it'll happen to you, but extremely unlikely things happen all the time to someone.
I feel what you're saying is true, but not really something that should matter in a criticism of BTC when BTC is actually easier to secure than other dilution proof assets like gold.
3/5 multisig with collaborative custody would likely already be at least as safe as dollar checking accounts.
I would also recommend against keeping assets as gold in your basement.
> 3/5 multisig with collaborative custody would likely already be at least as safe as dollar checking accounts.
I think that's off by orders of magnitude. If the whole US did this then I'd expect thousands to screw it up every year.
"Just don't make any mistake, ever" doesn't scale. Not to more people, and not to any one person, given enough time.
It's like running a yellow light (and the occasional red, when you thought it'd be yellow a bit longer). You can go your entire life never being in an accident. But there are accidents every day because people run yellow lights.
But aren't we still pretending that crypto is a currency? So this means anytime I actually want to spend some of my own money, I need to go to the bank deposit box and also find at least one friend to help me out?
If we are all just taking these coins out of circulation to make them as hard as possible for anyone to access, including ourselves -- then what was the point of the entire thing again?
> If we are all just taking these coins out of circulation to make them as hard as possible for anyone to access, including ourselves -- then what was the point of the entire thing again?
> But aren't we still pretending that crypto is a currency?
These are such smug comments.
> So this means anytime I actually want to spend some of my own money, I need to go to the bank deposit box and also find at least one friend to help me out?
No, it means you have options to fully secure and own crypto assets in a way dollar bills or bank accounts never allowed. You don't have to do it this way, but if you actually have wealth, you should protect the larger portion of it.
If you have $1000 worth of BTC, just carry it in a hot wallet.
If you have $10000 probably put $9000 in a cold wallet and $1000 in a hot wallet for spending.
If you have $100000, you should probably use 2/3 or 3/5 multisig with a collaborative custody company like unchained capital.
If you have another order of magnitude more money than that you probably know better than myself how to hold your wealth.
In any of these cases, you have full control. Nobody can move your BTC without your sign-off. Your capital cannot be rehypothecated.
So in response to your smug question, yes lock away in deep dark vaults your wealth should you have enough to care about. For daily spending walk around using your hot wallet.
You're comp sci oriented since you're on HN, so if that still doesn't satisfy you, then think of it using caching layers. Keep the bulk of your wealth (should you have enough to justify it) in an L1 deep cold storage, then another smaller chunk in L2 cold storage in a single wallet, and finally L3 in a hot wallet for daily spending.
Another way to view it is if you want anonymity and sovereignty over your dollar bills, you have no choice but to secure it yourself -- probably in a safe.
If you're willing to let someone be a dollar custodian (banker) in today's system, they'll only keep a fractional reserve and lend it out. In actuality today they have other more complicated (but lesser) reserve requirements and without the FDIC bank runs would be commonplace. There's then a whole discussion about the solidity of the FDIC and whether it may collapse.
Fractional reserve systems create the banking cycle and are why we have booms and busts. Ponzis and fractional reserve systems in crypto are why the crypto market just boomed and busted. There are a small number of legitimate crypto currencies and their value is tied to the illegitimate ones simply due to crypto-crypto liquidity vs crypto-fiat liquidity.
In this thread nobody is taking a holistic view of what BTC provides.
Even comments that say we're not talking about valuation.
The problem is valuation is part of the reason BTC matters. Sure, you can get custodial security in dollars, but they'll be devalued for banking and governmental purposes.
BTC is sound money that's actually easier to store and use than Gold/Silver. That to me is the way to view it.
What do you mean by fake dollars? We're talking about US dollars. Yes, US dollars do change in value (down), but overall they're more stable in terms of purchasing power than bitcoin.
If these societal constructs fail what good are they?
Don't get me wrong, I think they're all probably decent as investments, but they're a completely different asset class.
I put BTC in the Gold/Silver category in that it can be a hedge against societal issues. In this particular moment, I see BTC as a hedge against the ongoing de-dollarization and eventual inflation or plain lack of purchasing power that could cause.
I also see it as a means of censorship resistance.
Further BTC or any sufficiently distributed money is a way to limit bank/government power since they actually have to tax instead of minting new money.
I use it because I view the dollar as a debt based slave system I'd prefer was replaced with censorship-resistant sound money. BTC is pretty okay at that, but my preference is currently Monero.
Most of crypto is used in Decentralized Finance, basically an open source version of the activities done on Wall Street. Very little is used for everyday goods (and you're right, why bother when credit cards give much better rewards).
Have you bought options with your credit card? Borrowed money against collateral? Purchased and collected revenue rights to music? Traded oil futures?
These are the kinds of things I'm doing frequently on Ethereum.
All of those things have better protection in traditional finance. Sure, they don't have credit card consumer protection, but they do have other protections.
Unless you're using blockchain financial instruments in order to do more blockchain stuff (the circular use case), the other options are better.
Trading oil futures doesn't need cryptocurrencies. And if you use it anyway then you expose yourself to additional risk not in traditional finance.
E.g. the difference between FTX shenanigans hurting investors (who are now being victim blamed for "not your keys, not your coin") and anyone financially reliant on Tether shenanigans (which includes all holders of BTC) is that Tether seems to be getting away with it, by so far not being subject to a liquidity check / bank run.
You can still always fall back to the government if disagreements occur. The advantage of smart contracts is they automate away the need for costly lawyers in the good case (which is most of the time). You don't need to pay so much overhead for "protection".
The benefit an open finance platform provides is you don't have to have some blessed middleman that conducts the trades or holds money. There are a LOT of these middlemen in finance and many of them are rent seekers abusing laws to their advantage, and working to add more laws to entrench their company as "part of the system".
Then there is the problem of bigger players using their power to "change the terms of the deal" and force smaller players to comply or spend years in court challenging them. When the terms are coded ahead of time and the platform is neutral there is no entity they can corrupt to get their way and the contract executes as specified.
Lastly these systems are transparent, anyone can monitor and report on companies doing dodgy things, rather than a few overworked government bureaucrats. It also makes everything composable with everything else, anyone can build their own Bloomberg terminal equivalent, which is amazing.
FTX isn't DeFi BTW, they were an unregulated opaque trading firm. They are exactly what is wrong with finance.
> You can still always fall back to the government if disagreements occur.
Does the government have an override mechanism on the blockchain? If yes then what was the point of blockchain. If no, then will the government fork the blockchain?
Does the government just put someone in prison until they give up the keys? Most countries don't have true "life in prison", and what are the implications for the wrongly convicted in the ones that do?
How would you invalidate an illegal smart contract where one party is the estate of someone who died, is in a coma, or gets put under conservatorship?
> The advantage of smart contracts is they automate away the need for costly lawyers in the good case (which is most of the time). You don't need to pay so much overhead for "protection".
Most of lawyer work is clarifying intent, and legal compliance. Smart contracts try to replace the former with coders, but without a common sense safety net. And without the knowledge about what contracts are even legal. As for compliance, that's still needed.
E.g. writing a smart contract to pay someone automatically needs to support garnishing a salary due to various court actions.
What lawyer work exactly becomes automated? Do you know lawyers, and what they spend time on? Every example of smart contracts seems to me to be incredibly arrogant, and even more ignorant about what lawyers do.
It has a smell of "I don't know what they do, which means it can't be hard. I can write a twitter clone in a weekend, so surely I can write a script to replace a lawyer".
You can write a "bucket shop" web app over a weekend, but you need a lawyer to tell you it's illegal, or under which circumstances it's illegal. That's the real "protection".
I mentioned FTX and Tether to point out that the industry is built on a house of cards. E.g. if Tether implodes then that affects your BTC. I'd say it's more likely that Tether implodes than that the US government implodes.
It's not about money, it's about power. If you hold a physical item, you have the maximum power over it as possible. If you want to entrust someone else with it, go ahead, but at the end of the day your access to the item will be subject to their whims and those of the greater political establishment / woke clergy / corrupt and powerful.
A hardware wallet is a physical device that stores some private keys in a tamper-proof secure element. Those private keys can be regenerated from a recovery phrase[1] which acts as a seed to regenerate the keys in a deterministic way.
The hardware device is typically itself secured by means of a pin. Without the pin, the device can’t be unlocked so can’t be used, too many incorrect pin attempts will brick the device.
So the answers to your questions are:
1) If you entrust it to a safe deposit box then if someone steals it, it is worthless without the pin.
2) If the safe is itself destroyed and with it the device (this is also the case if you have it in a safe deposit box and the depository is burned down or something) then the private keys (and transitively the funds) can still be recovered using the recovery phrase. So if you have securely stored your recovery phrase and are able to retrieve it even this kind of problem won’t cause the accounts to be lost.
So what people tend to recommend is choosing good secure storage for your pin, keeping reasonable physical care of the device, taking the recovery phrase and splitting it into parts and storing those parts separately. If one of the parts is destroyed then you will need to urgently replace the hardware wallet, move the funds and securely store the new recovery phrase because if not you don’t have a fallback if the hardware wallet is destroyed, but otherwise you are good.
I wonder, couldn't such a "wallet" be built on top of a secure element (i.e. on iOS/Android)? Carrying around an additional device just for "wallet" features is very inconvenient.
Presumably yes, although some people prefer having a special-purpose device even if it is an extra thing to carry around. It does depend on your threat model I guess.
Yes you absolutely do[1]. But that’s true of any wallet (software wallets also have the exact same recovery phrase system so for example if you lost the hardware wallet you could configure a software wallet by using the recovery phrase and get your crypto back).
Someone else using your recovery phrase to steal your private keys wouldn’t actually brick your hardware wallet. It would still work but obviously since the thing that it was there to secure (your keys) had been stolen that would be moot.
The subtext is that keeping all this stuff secure is hard and depending on your threat model may not be worthwhile. This is similar to the way in which for most people it makes sense to have a bank look after their funds. In the world of crypto though we’ve seen obvious examples of these centralised custodians being untrustworthy and since they are not regulated or FDIC insured or anything of that kind it’s much more risky.
[1] If you want the ability to recover your funds if the hardware device becomes inoperable, lost, stolen etc. If not you could just burn the recovery phrase so you don’t need to secure it.
Nope, not at all. Your hardware wallet is useless without the bitcoin trust frameworks and the implicit agreement among many people that these particular bits on your hardware denote anything of value. Both of these are completely beyond your control and reliant on mechanisms not fully understood. It’s a system boundary question: yes, your wallet is under your control (how do you know what’s baked into the silicon or firmware, I do not know), but the whole system is not.
There is a huge amount of vested interest in persuading people bitcoin or ethereum require no trust in third parties. This is not true, as illustrated by this case: the person writing code that’s supposed to secure your money made incorrect assumptions about security and was thus robbed. If you own bitcoin, you necessarily need to trust this person and his colleagues are neither malicious nor stupid. Why that’s better than making the same assumptions about state institutions and banks is, to me, not clear.
>There is a huge amount of vested interest in persuading people bitcoin or ethereum require no trust in third parties.
It requires trust that third parties will act rationally in accordance with the incentives provided by the system, which is very different from trusting someone to custody assets for you.
At a larger level it requires trust that people will continue to see BTC/ETH/etc as being worth something, but that isn't a unique problem to blockchain based digital currency solutions.
Sure but is a rationally acting financial institution operating in line with the incentives of the system they operate not also inclined to do everything to keep your money safe?
I think the key phrasing here is "the incentives of the system they operate" — it isn't completely unfair to say that large financial institutions have had a hand not just in operating, but in creating the system. They act according to broader financial incentives and are constrained by regulations (so disincentives), and their time horizon is much longer than the tight feedback loops produced by a blockchain. Their disproportionate influence over the financial system coupled with a feedback loop in terms of consequences that, compared to blockchain, is glacially slow and basically toothless, effectively gives them a ton of latitude to do shady stuff with your money.
You're not holding anything in your wallet. It's just a fancy login system to a transaction system that is bitcoin.
It's no different from bank login in the end, once someone has it, it can be transferred at will.
Sure, the difference is that in banking system bank doesn't need your credentials to do stuff with money but even that when big crypto bois money are involved stops being immutable as DAO ethereum fork proves, fuck with important people money and nothing is sacred.
> It's no different from bank login in the end, once someone has it, it can be transferred at will.
Bank login credentials do not confer undisputed ownership of an account. If someone unauthorized gets ahold of them, the bank doesn't throw up its hands and say "welp, nothing we can do now, the account just belongs to the hacker".
At least partly because they're not allowed to do that because there are specific rules about it. If banks could just say "so sad, too bad", they absolutely would. I know someone who had to resort to the financial ombudsman to get their money after a hack because the "bank" (Revolut or Monzo) would not engage with them to even acknowledge anything had happened.
> I have to secure a physical object that grants irrevocable ownership of my wealth
That's one way, but not the only one.
My preferred means of storage is through a _vault_ smart contract, such as the "Gnosis safe".
It's basically a smart contract that you deploy, and send your assets to. You can then add some of your trusted friends as co-validators and require 2/3 validations for a withdrawal. You can also set a no-validation required threshold at $X/m for the day to day.
> I obviously don’t expect them to guarantee the value of the crypto, just that the broker doesn’t lose it
For the record, brokers rarely (if ever) store or guarantee client money.
Usually you have a custodian to hold your money (who will guarantee deposits, up to some limits), and your broker will unlock a credit line for you based on your collateral posted at the custodian.
There are custodians in crypto as well, "Paxos" and "Coinbase Custody" being the most well known. They will store your money on cold wallets with very strict guarantees (shamir split of the wallet keys among anonymous holders, strong entropy guarantees on key generation, proof of reserve, etc) and unlock it upon verifying your identity with real humans. It's costly though.
>I have to secure a physical object that grants irrevocable ownership of my wealth?
Not really. Can be a file copied across dozens of public places that is well-encrypted (say AES256+Blowfish) using a key securely derived (say PBKDF2 with many iterations) from a random password you don't use anywhere else.
That said, if you do that, have a system that will drill you for that password weekly, or you will just forget it. And make sure this system can't be compromised to record your password as you type it.
This doesn't help at all, it's still a single point of failure without recourse. You might be subjected to rubber hose cryptography or any of the systems you use might be hacked and your password extracted.
This is what his colleague recommended. A cold wallet that is only worked with offline. It is on an encrypted file system and can be backed up. (passphrase protected)
I remember that Silk Road associated guy that was caught recently with 50000 BTC. I was wondering why he didn’t just encrypt his wallet?
There is no way crypto coin will work for society at large with such requirements.
Since human beings are in physical forms (at least still in the 21st century), physical form has been the most secure since the beginning of human civilization. Every top secret NSA holds also relies on physical objects I think.
[anon]>>>>> Does the bitcoin community realize how literally crazy this guy is?
[deleted]>>>> They look the other way. He is by most accounts a talented coder who understands bitcoin's protocol better than most. His eccentricities are alternatively ignored or tolerated, as they are largely (but not always) harmless as far as Bitcoin is concerned.
[deleted]>>>> This tradeoff seems common in fringe libertarian groups. There's always one guy in the group who wants to overthrow the government solely to be able to marry his cousins, and the larger group accepts it because they're not in a position to turn down his assistance.
theskepticalheretic>>> Yeah but that's one hell of a faustian bargain. It wouldn't be too difficult to get a new developer up to speed, or find an equally talented developer who isn't batshit crazy. His craziness drives people away from any project he works on.
Hodldown>> I think you are wrong, I think bitcoin has been looking for real programmers for years but this poor quality of losers, weirdos and vrml dropouts is the best that showed up. I think this is the highest quality a project like this gets.
theskepticalheretic> Well the confounding factor would probably be that experienced high quality programmers have some historical understanding of distributed systems. When they look at bitcoin they chuckle and think "Haha, it's that silly shit from the 90's we used to use to test who had the fastest PC."
Well your code relies on some core tenets or it won't run, and some core ethics of catholicism in history have shifted that wouldn't be valid before, so it's reasonable to see how they'd think logically on any topic.
except if you check the bitcoin core repo, all the PRs have extensive code reviews done before they're merged. the chance of a supply chain attack (eg. node-ipc) is low.
The opposite of "no true Scotsman" is nut picking[1]. In this case, I think failing to follow widely promulgated security advice is a fairly reasonable justification to exclude him.
The average person also isn't a prominent bitcoin core developer who holds 200 BTC. If you're as exposed as this guy, I think it's fairly reasonable to at least follow the most basic of security advice.
>Bitcoin core developer is the nuttiest of bitcoin users?
In this case you can substitute "nuttiest" with "most lazy".
>The whole point is that he should be the one of most knowledgeable exemplary users.
In this case it wasn't because of lack of knowledge, it was something else (eg. laziness/apathy/cockiness). Kind of like how most people know that they should eat less and exercise more, but don't.
if you're talking about https://twitter.com/LukeDashjr/status/1609661811455819776, my guess is that he's either omitting something (eg. the cold wallet was internet connected, or there was a backup of its wallet floating around somewhere), or suffered a stuxnet level attack.
Yeah, my best guess is that he was owned for a while and the hackers managed to pivot into everything he owns. The plan was probably to backdoor bitcoin core, but after luke-jr detected his server being compromised the hackers figured they were burned and decided to run off with whatever bitcoin they could get from him.
He probably ran a full node and an LN node on his server, to contribute to the Bitcoin network. This requires storing wallet.dat on the server, and keeping a non-trivial amount of coins in it.
I know little about LN node, but a regular full node doesn’t need a wallet. The reference implementation does come with a wallet but it doesn’t need to have any balance.
If a Bitcoin core developer couldn’t be bothered to keep a hardware wallet, why would a regular Joe be bothered to do so.
Also, how is having a hardware wallet supposed to be secure? Hardware wallets may get stolen, lost, damaged, etc.
Edit: Also, the link you have shared doesn’t even allow you to choose the “New” user type option if you pick a hardware wallet, allowing you to choose only the Experienced user type option.
IOW, a hardware wallet is something that’s only considered usable by someone who is experienced.
Sorry but bringing a horse to water is more of an analogy for the uninitiated, and the enlightened can be shown and not adopt. In this case they were at the highest level of crypto so not really. I think saying idiot isn't true considering what they've accomplished in their career. Sounds more like core design flaws. People want convenience with finance and hardware wallets aren't convenient, so he knowingly sacrificed security for convenience.
Nice straw-man argument. Eventually, you will understand that bitcoin is not crypto. There's bitcoin and there's everything else. Everything else is a scam. Bitcoin is the hardest money ever.
Please, stop doing that. You won't get anywhere by saying all other major projects that occupy the same space as Bitcoin are scams. You're not helping bitcoin by doing that. You're not convincing anyone that bitcoin isn't crypto; it's the first crypto, and frankly it's been superseded by other FOSS projects like Monero and Ethereum in various places. Either all of crypto is a scam, or we have to take things on a case-by-case basis. By using this Bitcoin-only logic, you're just turning more people over to the former position. Many of the best innovators in the scene have been working on anything but Bitcoin for a long time.
"Context now that the editorialised title has changed, this is a core Bitcoin developer."
I don't know this person, I am not involved in any way in the bitcoin ecosystem ... but I have thought about it a fair amount, specifically wrt opsec and security practices, self custody, etc.
One of the conclusions I have always come to was:
If I was known to have a lot of bitcoin, for any reason, I would work hard to make it public knowledge that all that bitcoin was gone.
Submitted title was "Top Bitcoin dev gets owned". It's great to post that kind of explanation in the comments, but please don't use the title for it. That's against the site guidelines: "Please use the original title, unless it is misleading or linkbait; don't editorialize." https://news.ycombinator.com/newsguidelines.html
A broken clock being right twice a day and all that.
Prior to becoming Pope, Benedict did lead the Congregation for the Doctrine of the Faith which was responsible for covering up the child sex abuse scandals of the Catholic Church in Ireland. In addition, while he was Pope, someone high up in the church instructed the Irish part of the church to stymie the government's efforts to investigate said child abuse scandals which resulted in threatened expulsion of the vatican ambassador[1] (recalled by the vatican before it came to that), the closure of the Irish embassy to the Vatican[2] and a public condemnation by the Irish government[3].
What is much less up for debate is that Benedict and his successor Francis (who to be fair, has not had the same pre-papal track record as his predecessor) were fairly elected leaders of the catholic church by its own mechanisms.
Also don't take this as approval or support for the guy's reactionary views of what he thinks catholicism should be.
This all stinks. Between the bio, the vague tweets about server hacks (implying Intel ME or a physical server compromise is at fault, really?), the vague tweets about this situation... Something fishy is going on or wow, really proof that sometimes it's just about being in the right place at the right time because wow dude does not have the first clue about security. Hot wallet, compromised, unrotated servers, come on.
"My colo'd server that stores my hot wallet keeps getting compromised. <days later> Welp the wallet is emptied".
I’m struggling to understand it. I hate crypto but I thought the ease of spinning up new wallets was a benefit. With that amount of money and the knowledge I was being targeted, I’d have hundreds of cold and hot wallets to distribute the attack surface. Perhaps I’m misunderstanding crypto or the situation.
Not to defend Luke but I nowhere read that he stored wallets on the hacked server and I think he explicitly stated that the server was not used for wallets.
Just for a little context luke jr was infamous on cryptocurrency forums for being adamant that the sun revolved around the earth, all religions other than catholicism are evil, there is an "ethical aspect to slavery" and that bitcoin's 1 KB/s throughput was too much and should be cut down even further.
I'm not going to comment on his overall opinions, but it does seem like his judgement is severely compromised. I wonder if that led to the negligent behavior which allowed the coins to be compromised and stolen - a discount server host with a history of being compromised seems like the absolute wrong place to store large sums of value.
Inclined to agree here. Luke is going on about Intel ME backdoors on Twitter, but in reality there will be a far less crazy explanation for how he got owned.
You can easily protect your hardware from all but the most determined adversaries with extensive physical access. Epoxy in ports, case intrusion detection and locked down boot chain. Use TPM2-totp for verified boot.
Your colo provider can be thoroughly owned, your adversaries can have physical access to the server for extended periods of time and still not be able to do anything because you've denied them access to any ports that'd allow DMA.
Lots of cheap DIY options for fancy case intrusion detection going way beyond that offered by mfgs. USB camera and some tape?
You are misrepresenting the slavery discussion. "Ethical aspects" means "analyzing the ethics of slavery". It does not mean "slavery is ethical". And the discussion was about (awkwardly defined) theoretical models of voluntary lifelong servitude (but still called "slavery"), in explicit contrast to existing historical models of slavery.
But yes, Luke Jr's comment was a non sequitur for two reasons. (Any Catholic analysis of Jesus is necessarily a bit of a non sequitur, since Jesus and his disciples weren't... Catholic. )
The geocentrism discussion is interestingly similar: in the same thread he makes two claims, one saying that geocentrism is equivalent to heliocentrism (which is mathematically true, and which is better depends on what specific system you are modelling), but then also says that the Sun orbits the Earth is true and scientific consensus, contradicting himself.
There is a very easy rewrite of what he wrote that makes it totally fine, and probably what he "meant": models are broadly equivalent, choose one based on convenience for the problem at hand, and spiritual truth is independent of science. But since he appears to have strict religious beliefs in the infallibility of Scripture, he can't go all the way to commit to saying that the Scripture is scientifically wrong, though he did hint at it.
He's either a very poor communicator (like many forum posters are in forum posts) or his thought process is quite inconsistent and self-contradictory without him noticing.
It's certainly not the cause of this hack, but nobody should be using asymmetric encryption to protect their own stuff. It should only be used for communication with another party. Quantum computing will eventually be a thing.
So use symmetric encryption whenever it's at all possible.
Is this what you mean? What's the best way to do AES these days? AES-256-CBC? Is there "symmetric encryption" that is public key/private key? I know AES you just need IV + key and you're "good to go"?
I think he’s just implying that since asymmetric depends on the reverse operation being slow, there will eventually be a system fast enough or a non slow algorithm for the operation.
A bit far fetched IMO if the threat model depends on quantum computing but I have no idea about the subject so…
999,999 times out of a million, the answer is no.
the 1 time out of a million is when an attacker manages to intercept the hardware wallet being shipped to the victim and tamper with it.
That's not the hardware wallet being exploited though, it targets the user's computer. Verifying the address on the screen of a hardware wallet during confirmation would reveal the mismatch.
But most HW wallets have tiny screens that make users apathetic to validating tx data.
Probably not, he was storing his bitcoin private key on a low cost server, that regularly got hacked, as recently as a month ago. And he kept using it.
The hacker will have a rough time converting these to USD without exposing himself. If they’re in Russia they probably don’t need to care, but there’s a reasonable chance they live in a country that the FBI can reach.
On the other hand, no one can do anything until the coins are moved or more information is uncovered. What a nightmare to lose $3.6m overnight.
couldn't he convert it to monero, perform a couple of wallet to wallet transfers (maybe even divide the amount along the way), and then sell from there?
Just use Defi - take a loan from a "smart" script with a collateral of tainted bittokens, then cash out loaned tokens, and never repay the loan. Isn't Finance 2.0 amazing? :)
Isn't it surprising that an early Bitcoin adopter has "only" 216 Bitcoin? Didn't he join at a time where you'd be mining full blocks solo?
(One of his later tweets claimed that "it's basically all gone" or something like that, implying this wasn't just a small fraction of his total coins.)
People forget bitcoin wasn't worth anything for a long time. You take care of an asset worth millions very differently than an asset worth pennies and too much of a pain to transact for cash anyway.
No, that's factually wrong. In 2011 you would need to mine with at least a GPU, and a single one would barely produce 100 bitcoins in a year if not less.
I was wondering if he used LastPass. If I had those exfiltrated vaults, a key Bitcoin dev would certainly be high up in my list of who to brute force first.
Peter writes in that thread that "computer security is a mess" and also that any competent IT professional can secure their crypto with [whatever is considered state of the art this year].
Imagine banking was only available to people with the equivalent of a college degree in finance and ongoing continuing education
..but also half the education is provided by criminals trying to rob us across national borders.
It’s unfortunate. Though what do you expect when possession is ownership and there’s no mediating institution to help you with theft.
If your brokerage account somehow gets hacked and all your funds gets stolen that’s not an unsolvable problem. You’ll likely get made whole after a while. There’s people, institutions, and laws to help you.
Store digital cash in your mattress and someone will steal it, and no one will or can help.
It may come as a surprise to you that the recovery rate for BEC incidents that are not immediately detected is very low and that victims often spend years suing their banks for faulty fraud protection in court for either only a partial settlement or nothing in return.
Not only BEC, the recovery rate for ridiculously named authorized push payment fraud fraud (i.e. craigslist car scams) is also very low.
Reg E at least protects consumers from some banking malware, but still does not provide protections for phishing victims (despite new non-binding CFPB guidance)
> The challenge is that most BEC attacks will use bank accounts outside the US. In truth, the IC3 RAT recovered less than 14% of the total US$2.4 billion in BEC losses last year.
That thread I linked to is 6 years old. The people in charge of the Bitcoin software know this and keep him on the project. To me that says a lot about the core Bitcoin people.
Maybe Ethereum people are better? Let's see what Vitaly thinks about child pornography.
I'll proudly go on record saying that I think 99% of crypto related things are scams, money laundering, or for illegal activities including sanctions evasions, but the people at the top are pretty disgusting.
Yeah, I'm not sad about any of this. The guy is an ivory tower conspiracy theorist and moralistic extremist whose crazy apparently does not reach to the point of doing the bare minimum to ensure that his stash was safe. Not even the first time he was hacked in the past 2 months.
Please don't post like this to HN. Perhaps you don't feel you owe devs who lose their Bitcoins better, but you owe this community better if you're participating in it.
> The irony here is Luke being a dev probably made it easier for him to be complacent. His security setup was frankly a lot worse than what most plebs seem to use.
> The standard advice of buy a Trezor and write down your seed on paper is much better than a Gentoo hot wallet.
5. Make sure you didn't forget the pin to your Ledger wallet and you still have your magic words printed somewhere or in the Keepass file you haven't unlocked -- all in several years.
Coinbase is lower risk here. There are more things that can go wrong in process or memory with the above than Coinbase going belly up or getting fully hacked.
Can't wait for MentalOutlaw's cover of this topic. This dude looks like he's part of Jehovah's Witnesses and listens to Kanye West day and night, how can someone like that be a core BTC developer..
Maybe off topic: is it fine to publicly say that you have $3.6M in bitcoin using a profile name that exposes who you are in real life? Wouldn’t the IRS (or local equivalent) come to knock on your door and ask for taxes on that money?
Assuming you’re not committing tax fraud, you’ve already told the local tax authority whatever you’re required to about it. Not an accountant, but in many places then unless it’s income generating, you may not need to declare it until you actually sell it / convert it / use it.
> Wouldn’t the IRS (or local equivalent) come to knock on your door and ask for taxes on that money?
Not sure about other countries, but at least in the US any gains on crypto are only taxable after you've sold (or transacted with) it. Given that he just got his bitcoin stolen, my guess is that he hasn't sold yet, and therefore doesn't owe any taxes yet.
But I don't believe him. Lukejr has done irreparable damage to Bitcoin. His role in the mass censorship and gaslighting program that locked Bitcoin into sluggish, expensive, tiny blocks (ostensibly in order to carve out a market for Lightning, in which he had significant interest) is disgraceful, condemnable, and must never be forgotten. This exploitation of opportunity and power spat in the face of every early Bitcoin adopter and evangelist as it violated the perfect system we came to know and love from the whitepaper for commercial gain, arguably starting the trend of charlatans and fraudsters in the crypto space looking for a quick buck with reckless, corrupting abandon.
He will say anything to get what he wants, and he will truly believe he is right and entitled to do so. He has a casual, naive tone to everything he says but this man is far from either. He would look right into his own mother's eyes and tell the most wicked lies for the $5 in her purse. Don't believe anything.
This twitter account is quite wild. Timeline of dunking his frozen store-bought pizzas (still in bag) into hydrogen peroxide to “kill the coronavirus” before putting them into long-term freeze, then getting mad & @'ing the pizza company’s twitter account upon liquid ingress to aforementioned packing…
This is what has come of the cool thing (bitcoin - twitter user is a core dev to my knowledge) I learned of as a tween, well over a decade ago.
If I had 200 BTC I would use several multi-sig wallets. Stealing any single wallet would grant the hacker no access, and stealing multiple would grant them only access to a slice of the asset. Maybe 200 BTC just isn't worth much to the developer to warrant so many protections.
I used to be a proponent of anonymous money transfers. Then I read a few books about the extent of money laundering of criminal organisations, largest of them Putin's Russia, and how difficult and dangerous it is to investigate those crimes.
Now I think the priority should be maximum transparency. The job of solving a money laundering scheme should be as simple as a single search query, or a GPT bot question. BTC could be a part of this solution, since its ledger is open.
This is not a perfect solution, but the amount of power these criminals distill from money laundering is far too great.
Evidently a complete lack of security or worth judgement.
"$300/mo for a rack is expensive" (no, no it isn't)
"Someone booted an unknown OS from external media" (no FDE)
Machine compromised on the "17th of November" and instead of considering everything compromised, the guy evidently continued using it.
Zero sympathy whatsoever; if you can't manage the basics you certainly shouldn't be running it yourself, and definitely shouldn't be a "core" developer on projects that require at least some security clue.
(Also religious nutjob, as referenced in another thread)
I still don't entirely get what has happened. So he runs a bitcoin node on a compromised machine. But why would he store (or use) his 200+ BTC private keys there? He also mentions:
After reading some of the (many many) replies to tweets, it seems the story is pretty much what I summed it up as: he got compromised and failed security 101.
They likely used the access they had to further infect or snaffle credentials etc - a very simple and obvious one is reverse SSH tunnels for example
Hadn't considered that as I still don't believe anyone bothers declaring and paying tax on it - not always deliberately but because most people are uninformed stupids about pretty much everything
Self custody is hard. And even professionals can make mistakes.
Most people don't think about it: they have a bank holding their "balance", a broker "holding" their stocks, an employer "holding" their salary, and maybe even a crypto exchange "holding" their tokens - until they don't.
Only when you get into the nitty-gritty of self custody do you understand it's a security hassle: you need to save a seed for crypto, or boxes of gold ingots, or precious art in special climate-controlled packaging etc.
People traded this insecurity, this chance of losing it all in one unfortunate event, for the warm comforts of having someone else custody your assets. But ask Greek people in 2008 (or Lebanese people now) how it feels to come to a bank where you've had an account until yesterday, and find out there's no money to go around.
We're starting to see some strides being made into simplifying and securing crypto custody (MPD, Multi-sig etc.). But at its core, if you want to truly hold your asset, you will need to keep ahold of something (safe key, seed phrase, physical item etc.).
Well this sure is a pretty fascinating case, if it proves to be true, which it _seems_ to be?
One thing I'm not seeing mentioned here is discussion of the password for that wallet.dat. This reminds me of back during the 2017 bull run, when I tried to help a friend recover a forgotten password for a bottom 6-figures Dash coin wallet. We went even so far as spinning up some EC2 GPU instances to run Hashcat. In the end, considering the modest value of the wallet, it wasn't cost effective to brute-force. I think we got up to the threshold of 7-9 characters where the time/cost becomes prohibitive.
So I'm wondering, assuming the guy even HAD a password on the database file, or that we didn't have a password.txt on this server, I wonder about the sequence of events where:
1. Server is hacked a few months ago, either knowingly (target a core dev), or farmed (searching for vulnerable servers, grabbing high value assets such as wallet.dats)
2. wallet.dat is copied. IIRC it gives free access to the public key, therefore revealing a high value wallet
3. In the meantime, attacker employs compute resources to crack the private key
4. After some months of doing this, finds the passwords, empties the wallet
This would seem to match my quick reading of the events. I'm now intrigued to do some sums to work out the feasibility of doing this when a 7-figure wallet is found. This is assuming compute prices are that much cheaper than 5 years ago, and that this might be an independent attacker, not some NK-style state actor.
I may come back to this and do the calculations...
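The sums the commenter has in mind can be sketched from the defender's side: how long does a wallet passphrase have to be before the expected cost of an offline exhaustive search exceeds what the wallet holds? The model below is an added example, not code from the thread or from any wallet project. The guess rate (1e5 guesses per second per GPU) and the GPU-hour price ($1.00) are placeholder assumptions, not measured figures; the real rate depends on the wallet format's key-derivation function and must be measured against that format before the numbers mean anything. The $3.6M figure is the value mentioned earlier in the thread.

```python
import string

# Alphabet size per character class (exact counts from Python's string module).
CHARSET_SIZES = {
    "digits": len(string.digits),           # 10
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "symbols": len(string.punctuation),     # 32
}


def keyspace(max_length, classes):
    """Number of candidate passphrases of length 1..max_length drawn from the
    union of the given character classes. An attacker who does not know the
    length tries shorter candidates first, so every length up to max_length
    is counted."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    return sum(alphabet ** n for n in range(1, max_length + 1))


def crack_estimate(max_length, classes, guesses_per_second, gpu_hour_usd, gpus=1):
    """Expected wall-clock hours and rental cost to find a uniformly random
    passphrase by exhaustive search; on average half the keyspace is tried.
    guesses_per_second is the per-GPU rate against the wallet's KDF and is an
    assumption here, not a measurement. Adding GPUs shortens the wall-clock
    time but leaves the total rental cost unchanged."""
    space = keyspace(max_length, classes)
    expected_guesses = space / 2
    seconds = expected_guesses / (guesses_per_second * gpus)
    hours = seconds / 3600
    cost_usd = hours * gpus * gpu_hour_usd
    return {"keyspace": space, "expected_hours": hours, "expected_cost_usd": cost_usd}


def minimum_length_to_exceed(value_at_risk_usd, classes, guesses_per_second,
                             gpu_hour_usd, max_len=40):
    """Smallest passphrase length at which the expected cracking cost exceeds
    the value the passphrase protects, i.e. where a rational attacker with no
    other leverage gives up. Returns None if no length up to max_len suffices."""
    for n in range(1, max_len + 1):
        est = crack_estimate(n, classes, guesses_per_second, gpu_hour_usd)
        if est["expected_cost_usd"] > value_at_risk_usd:
            return n
    return None


if __name__ == "__main__":
    # Placeholder assumptions: 1e5 guesses/s per GPU against a slow KDF,
    # and $1.00 per rented GPU-hour. Replace with measured values.
    RATE, PRICE = 1e5, 1.0
    ALL = ["lower", "upper", "digits", "symbols"]
    for classes in (["lower"], ["lower", "digits"], ALL):
        for length in (8, 10, 12):
            est = crack_estimate(length, classes, RATE, PRICE)
            print(f"{'+'.join(classes):>27} len<={length:2d}: "
                  f"{est['expected_hours']:.3g} GPU-hours, "
                  f"${est['expected_cost_usd']:,.0f}")
    # Length at which an attack on a $3.6M wallet is no longer worth paying for.
    print("length needed to out-price a $3.6M wallet (all classes):",
          minimum_length_to_exceed(3.6e6, ALL, RATE, PRICE))
```

Two things the table makes obvious that the prose does not: the cost is dominated by the alphabet at the longest length (the shorter lengths add almost nothing), and a passphrase drawn from all four classes crosses the $3.6M line at length 8 under these assumed figures, while lowercase-only needs several more characters. The model assumes a uniformly random passphrase; a human-chosen one is cracked by dictionary and rule attacks far below these numbers, which is why a randomly generated passphrase in a password manager, or a hardware wallet that never exposes the key file, is the sounder mitigation.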