Bitcoin developer claims loss of $3.3 million after PGP exploit

Quick Take

  • Bitcoin developer Luke Dashjr said his bitcoin was hacked after a PGP exploit.
  • Dashjr’s wallet had four outgoing transactions on Dec. 31, totaling over 200 BTC.

Bitcoin Core developer Luke Dashjr claimed his wallet was hacked due to a Pretty Good Privacy (PGP) key compromise. Dashjr's wallet had multiple outgoing transactions on Dec. 31, totaling over 200 BTC, an estimated loss of $3.3 million at current market prices.

"My PGP key is compromised, and at least many of my bitcoins stolen," Dashjr tweeted on Jan. 1, adding that they "have no idea how." He did not say exactly how the attackers gained access to his PGP keys.

Pretty Good Privacy is a cryptographic method to encrypt and decrypt data. It can be used to encrypt information stored on a server to protect against unauthorized access or tampering. Notably, PGP keys can also be used to sign data and verify those signatures, for example to check the legitimacy of a software download.

While what exactly caused the exploit is not yet confirmed, many speculate a server Dashjr used may have been accessed to steal data, including private keys to his bitcoin wallet. In November, Dashjr noted that his server had been compromised.


"The hack is still pretty fresh, so there is still not much clarity on what might have happened, besides PGP keys compromised and speculation that private keys might have been stolen from a previous server hack," noted Gustavo Gonzalez, solutions developer at OpenZeppelin.

Banteg, the pseudonymous developer of Yearn Finance, commented on Twitter that the incident may be a potential "supply chain attack." Supply chain attacks happen when an attacker gains access to software and modifies it, injecting malicious code into a system. A formal investigation has yet to confirm this.

The incident has garnered a lot of attention. Binance CEO Changpeng Zhao said his team monitored the assets and would freeze them if sent to the centralized exchange. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Adam James at
[email protected]