The smarter you are the bigger the blind spot, I see it all the time with ppl rolling their own security because they are “qualified”. This means you are a small mistake away from getting pwned. While everyone else using market solutions enjoys the economies of scale and the market beating they take.
Discussion
You're probably right, he had blinders on for this and couldn't see past his own intellect. Either way, it's super, super sad.
Has Luke verified this story himself?
There's no other way for a hacker to steal bitcoin unless it was on a computer somewhere. The only other thing I can think of is some entropy weakness but that seems not as likely.
I’m still shocked he wouldn’t be completely batshit paranoid like most of us are to leave that kind of exposure.
We're early enough with Bitcoin that almost everyone will "roll their own" solution at some point. Even the tradeoffs between single sig with shamir vs multisig have no clear winner so it's still very easy to make mistakes.
For most, single sig plus passphrase will do, and they can use SeedXOR for backup.
Singlesig + pw is the ideal for cold storage due to simplicity. I now have a nunchuk + tapsigner setup for my day to day onchain wallet. I think this is the best setup.
That is the way. LN pocket change, BTC spending wallet, and deep cold. A few setups derisk mistakes.
It really comes down to the determination of the thief.
I would suggest it is silly to store a $3m asset in your home office, no matter what methods you use to secure it.
At some threshold you are putting more valuable things at risk (your family) than the Bitcoin.
Love the airgapping too.
Keys should never touch a thing that touches the internet.
100%
Can someone please explain to me the mistake he made? And what are PGP wallets? I don't understand. Thanks in advance.
Stored private keys on a computer
Online computer*
which he used for other internet activities also
This is perplexing tho.
Does he not know what cold storage is?
https://twitter.com/lukedashjr/status/1609661811455819776?s=46&t=h0OK6DjyBsFg-vNNWDDILw
I guess, but keeping everything in a hot wallet and/or secured by the same PGP key? I just don't understand a blind spot that big, but also I suppose my intellect isn't that big. Super sad regardless.
Rolling your own is almost always a bad idea.
Unless you’re fiatjaf I suppose 😂