Last Updated on January 2, 2023 by Bitfinsider

Developer of the Bitcoin core Luke Dashjr alleged that a Pretty Good Privacy (PGP) key compromise led to the hacking of his wallet. On December 31, Dashjr’s wallet made a number of outbound transactions totaling more than 200 BTC, resulting in an estimated loss of assets worth $3.3 million at the time of writing.

Dashjr said in a tweet on Jan. 1: ““My PGP key is compromised, and at least many of my bitcoins stolen,” and added that he had no idea how was it lost. He did not specify how the attackers got hold of his PGP keys.

Pretty Good Privacy is a cryptographic method that works via encryption and decryption of data. To prevent unauthorized access or alteration, it can be used to encrypt data that is stored on a server. Notably, PGP keys can be used to validate a particular piece of data, like the validity of a software download.

Many believe that a server Dashjr utilized may have been accessed in order to steal data, including the private keys to his bitcoin wallet. However, the specific nature of the attack has not yet been determined. Dashjr said that his server had been compromised in November.

The Yearn Finance engineer who goes by the alias Banteg suggested on Twitter that the incident might have been a “supply chain attack.” Attacks on the supply chain take place when a hacker accesses a system and alters software by inserting harmful malware. In this instance, it’s conceivable that the hacker used a tainted PGP key to get access to Dashjr’s server and then stole the private key from his hot wallet that was linked to the server. A formal investigation has not yet been conducted to verify this.

There has been a lot of interest in the occurrence. Changpeng Zhao, CEO of Binance, said his staff was keeping an eye on the assets and would freeze them if they were transported to the centralized exchange.