Bitcoin developer claims loss of $3.3 million after PGP exploit

Bitcoin core developer Luke Dashjr claimed his wallet was hacked due to a Pretty Good Privacy (PGP) key compromise. Dashjr's wallet had multiple outgoing transactions on Dec. 31, totaling over 200 BTC — with an estimated loss of assets worth $3.3 million at current market prices.

“My PGP key is compromised, and at least many of my bitcoins stolen," Dashjr tweeted on Jan. 1, adding that they "have no idea how." He did not say how exactly the attackers gained access to his PGP keys.

Pretty Good Privacy is a cryptographic method to encrypt and decrypt data. It can be used to encrypt information that is stored on a server — to protect against unauthorized access or tampering. Notably, keys generated via PGP can be used to verify a specific piece of data, such as the legitimacy of a software download.

While what exactly caused the exploit is not yet confirmed, many speculate a server Dashjr used may have been accessed to steal data, including private keys to his bitcoin wallet. In November, Dashjr noted that his server had been compromised.

"The hack is still pretty fresh, so there is still not much clarity on what might have happened, besides PGP keys compromised and speculation that private keys might have been stolen from a previous server hack," noted Gustavo Gonzalez, solutions developer at OpenZeppelin.

The pseudonymous developer of Yearn Finance, Banteg, commented on Twitter the incident may be a potential "supply chain attack.” Supply chain attacks happen when a hacker enters and modifies software by injecting malicious code into a system. A formal investigation is yet to confirm this. 

The incident has garnered a lot of attention. Binance CEO Changpeng Zhao said his team monitored the assets and would freeze them if sent to the centralized exchange.