Luke Dashjr, a prominent Bitcoin Core developer since 2011, was just hacked and had all his Bitcoins stolen. The amount, which is just shy of 217 BTC, was equivalent to more than $3.6 million USD at the time of filming. Not only did the attacker take Luke’s Bitcoins, but they also managed compromise his PGP key as well. This has left many people wondering how this could happen to someone who is, according to Bitcoin maximalists, one of the smartest people in Bitcoin? In my analysis of the situation there are several factors that likely lead to Luke’s Bitcoin being stolen, but him bringing attention to the theft has exposed something far worse.
Before we dive in, I just wanted to say that I’m only here thanks to supporters of the channel. If you enjoy my content and want to see more of it, you can support me by becoming a member at haydenotto.com/membership which grants you access to benefits like my private discord community, behind the scenes updates and more. Alternatively, you could just like and share this video, I greatly appreciate all of it.
Getting back to Luke Dashjr, he is yet to give a concise explanation about how his computer hardware and Bitcoin wallets were set up. He also said he has no idea how the attacker managed to compromise his PGP key and steal his Bitcoins. However, piecing together Luke’s tweets over the last months we can make an educated guess as to what occurred. Back in November, 2022, Luke announced that his server had been accessed by an unknown person who managed to install malware and backdoors that were specifically designed to compromise his system. The attacker did this by gaining physical access to the server and booting it off a USB stick. Luke, who lives in Tampa Florida, said that his server was not cloud hosted but later went on to admit that it was indeed rented and physically located on the other side of the country. This server was in an unlocked rack, because Luke didn’t want to pay an additional fee for it to be locked. Clearly, somebody at the hosting company accessed his server and installed the malware. For years, Luke has helped spearhead attacks and criticism against those who do not run their own Bitcoin nodes, so why wasn’t Luke hosting and securing his own server which anyone would agree is of significant greater importance? Bewilderingly, despite this security breach, Luke continued to connect to and use this server and on December 25th, he reported that it was again physically accessed by the unknown person. This then lead to the theft of Luke's Bitcoins on the 31st of December and upon this realization he went crying to the FBIfor help. This is laughable coming from a leading developer of a decentralized cryptocurrency, who has for years espoused anti-government views and, less than 2 weeks earlier, said “I’d rather the whole federal government disappear”. And now he wants their help.
So, did Luke Dashjr store millions of dollars of Bitcoin on a rented server? According to him, no, they were on a cold wallet which, in a now deleted tweet, he admitted was “maybe not as cold as intended”. Clearly this so-called Bitcoin expert can’t tell the difference between cold or hot wallets, and he had some elaborate non-standard setup that he thought was cold storage but wasn’t. Peter Todd, a fellow Bitcoin Core developer, revealed that Luke’s workstation, which he presumably used to access the infected server, was running Gentoo Linux and that Luke did not segregate his activities. Peter went on to confirm that the stolen Bitcoins were kept in a hot wallet on this machine. According to Luke, the workstation was in his office which he is “fairly consistent with locking”, so how was it accessed by the attacker? In my opinion this goes back to the compromised server. It is likely that when Luke used his workstation to connect to and use the server, the attacker was able to create a backdoor. This was probably done through an exploit in some app Luke used on the server and thus, the attacker gained access to the machine which housed Luke’s PGP private key and Bitcoin hot wallet. Ultimately, sloppy security practices like renting a server, not separating various activities, and knowingly connecting to an infected machine, were the root cause of this theft. It could have all been avoided by simply using a hardware wallet, which Luke refused to do because he thought he could do it better.
Some people have speculated that, given its tax season in the United States, Luke fabricated this elaborate story about the server breaches and stolen coins to avoid paying taxes on them. I beg to differ, because in his panic upon discovering his Bitcoins were stolen, he published the details of how much Bitcoin he owned, and this subsequently revealed that he had been grifting off the Bitcoin community for years and pretending to be poor to solicit donations. Just a few months ago, when he was still a multi-millionaire, Luke Dashjr was attempting to haggle somebody down to $50 for a used Google Pixel. He also asked for help with getting a loan because the bank refused him due to his work on Bitcoin. Now we know this was probably just part of keeping up his appearance of being poor. If he didn’t, how would he get people in the Bitcoin community to pay to fix a broken window in his house? Yes, that really happened. In September 2017 a fundraiser was held for Luke with the goal of collecting 5 BTC which, at the time, was just under 20,000 US dollars. They said he had been impacted by a hurricane and that he needed funding to repair damage. But honestly, when you read the list of damaged items provided, it’s all very minor but they were acting as if his whole house had been blown away. This multi-millionaire wanted the community to pay for fallen trees to be removed from his yard, damage to his front door and a new generator, instead of dipping into his own savings. And they did, in fact, the Medium post reads that since the goal of 5 BTC was reached so quickly, Luke decided to ask for an additional 3.5 BTC so that he could have cable internet installed at his home. Even people on the Bitcoin subreddit were skeptical of this fundraiser, and rightly so.
Perhaps the most egregious examples of Luke Dashjr seeking charity, as a multi-millionaire, was in October of 2020when he tweeted that he might have to go back to more paid work because he wasn’t getting enough donations to work on Bitcoin Core. In this tweet, he was threatening to leave Bitcoin Core to get people to give him money. At the time, thanks to the blockchain, we now know that Luke was sitting on at least 200 BTC which were worth about 2.3 million USD. A year later in December of 2021, when his stack was now worth more than 10 million USD, he put out another tweet. In this one he encourages a company to fund his Bitcoin development work, presumably because they would give an amount larger than individual users. He specifically wanted people to pay for him and his family’s health insurance, and cover expenses when he went to conferences. Or in other words he wanted them to fund his holidays. In the responses to this tweet, several people are seen willing to give him money. One person sent him as much a 1 BTC, or 50,000 dollars. Had they known about Luke’s actual financial situation, I’m not sure they would have been willing to give him anything.
The deceptive behavior exhibited by Luke is very much representative of BTC maximalists as a whole; a group that has always been willing to lie, cheat and steal to further their agenda. Luke Dashjr wrote most of the code for SegWit and is one of the people mostly responsible for holding back Bitcoin growth. As a result, many people think that he got what he deserved when his Bitcoin was stolen. It’s probably time for Bitcoiners to entertain the idea that Luke and his kin of maximalists are not only clueless grifters, but a net negative on Bitcoin’s progression.
