Bitcoin core developer Luke Dashjr advised users not to upgrade old versions of their Bitcoin Knots wallet after he reported having $3.6 million worth of BTC stolen.
In a tweet on Monday, Dashjr said that old versions of Bitcoin Knots – a combined Bitcoin node and wallet signed by Dashjr’s OpenPGP key – may expire today. PGP is an encryption program that provides a pair of cryptographic keys to encrypt and decrypt data.
If you're using a very old #Bitcoin Knots, it might expire today.
Don't upgrade it.Instead, add to your bitcoin.conf file:
softwareexpiry=0
Or just wait to upgrade and use it until the dust settles.
— Luke Dashjr (@LukeDashjr) January 2, 2023
He warned users against upgrading it immediately, pointing them to change their configuration settings instead.
“Or just wait to upgrade and use it until the dust settles,” he said.
Dashjr’s advice comes after he lost 200 BTC worth $3.6 million after his PGP (Pretty Good Privacy) key was compromised.
PSA: My PGP key is compromised, and at least many of my bitcoins stolen. I have no idea how. Help please. #Bitcoin
— Luke Dashjr (@LukeDashjr) January 1, 2023
One Twitter user pointed out that a server breach that Dashjr reported in November, and then again on Christmas Eve, may have been the root cause of the exploit.
Still, the developer appears to be in the dark as to exactly how the hackers accessed his key, but his tweets suggest he has lost confidence in Bitcoin Knots’ security infrastructure.
“DO NOT DOWNLOAD BITCOIN KNOTS AND TRUST IT UNTIL THIS IS RESOLVED. If you already did in the last few months, consider shutting that system down for now,” he tweeted on Jan. 2.
According to him, it is unlikely that Bitcoin Core has been compromised too, but he cautioned users to verify that it has a different signer than Bitcoin Knots, which is signed by his OpenPGP key.
