A leading Bitcoin Core developer has claimed that a hacker has compromised his Pretty Good Privacy (PGP) key and stolen more than 200 bitcoin ($3.5 million).
Luke Dashjr, a Core developer since 2011, has made over 200 contributions to Bitcoin’s code and maintains the Bitcoin Improvement Proposal (BIP) section of Bitcoin’s GitHub repository.
The hack is particularly timely given that January 3, 2023 is the fourth celebration of Bitcoin’s Proof of Keys day: an annual reminder to withdraw bitcoin from exchanges and take self-custody. Needless to say, Dashjr won’t be enjoying this year’s festivities.
PGP provides an encryption system for emails and sensitive files. It uses symmetric encryption alongside public key encryption, making it possible for parties to share files without disclosing any private keys.
Dashjr has asked for money before — but why?
Dashjr claims that a hacker mixed some of his stolen bitcoin using Bitcoin’s on-chain tumbling service, CoinJoin, and moved it to a new wallet that currently holds around 217 of his coins.
However, this version of events has been disputed, with at least one person claiming that Reactor data doesn’t show a hacker transacting with CoinJoin addresses. Others questioned whether it was really an address belonging to a hacker at all, speculating that it was simply a “boating accident” — a common Bitcoin community reference to a likely disingenuous claim of losing one’s hardware wallet.
In November 2022, Dashjr said an “unknown person” accessed his server and installed malware and backdoors on the system. He apparently tried to clean it up and switch to a new server but may not have caught everything. Now Dashjr’s asking for money.
He’s solicited donations from the public twice before but this most recent plea has led to at least one Bitcoin veteran saying that he doesn’t deserve sympathy or handouts. This critic cited his control of Bitcoin’s system for organizing BIPs.
Others have branded Dashjr as “Bitcoin maxi grade dishonest” and questioned why a longtime Core dev with more than 200 bitcoin would be soliciting donations in December 2021. Back then, the price of bitcoin was around $47,000 which would have given Dashjr a stash worth more than $9 million. Hardly down and out.
At the top of his Twitter profile, Dashjr’s pinned tweet indicates that he accepts bitcoin donations, GitHub sponsorships, and Patreon donations.
Even an illustrious dev history can’t buy trust
Dashjr has been contributing to Bitcoin Core since 2011, making him one of the world’s oldest developers. During this time, he has:
- Assisted with Bitcoin’s soft fork that activated a protocol called Segregated Witness (SegWit) which played a key role in the Blocksize War.
- Introduced BIP-22, which added support for long polling. He also added BIP-23, which allowed miners to run some pre-checks of the validity of a block before commencing work.
- Contributed widely used bitcoin mining implementation BFGMiner in 2014.
- Founded one of the first bitcoin mining pools, which he named Eligius. The Eligius Twitter account hasn’t tweeted since 2017 and its website appears to be down. Before its apparent disappearance, its hash rate accounted for about 1% of Bitcoin’s hash rate.
- Organized Bitcoin’s numerous Bitcoin Improvement Proposals (BIPs) and maintains some of Bitcoin’s GitHub.
Dashjr’s pursuits are all impressive but there are those who still doubt his hacking story and instead see this as a case of the boy who cried wolf.