Hacker Gets $3.6 Million of BTC When Privacy Key Compromised | How PGP Encryption Works


BTC Stolen

The longest-contributing BTC developer says he lost “basically everything” BTC-wise on New Year’s Day. He states the IP address came from a ColoCrossing server.

Luke Dashjr says on Twitter that his Pretty Good Privacy (PGP) key was compromised and “basically all” of his BTC was stolen.

PGP is an encryption program designed to block data from prying eyes.

The Bitcoin developer says both his hot and cold wallets were hacked, and he speculates that the hacker compromised him “a while ago and planned it.” He also thinks the hacker “had access to his machine live.”

Dashjr says some of the Bitcoin was sent through the BTC mixer CoinJoin to this address. The wallet holds 216.93 BTC worth more than $3.6 million at time of writing.

Other Twitter users suggested the hacker could be coming from inside Dashjr’s house.

“Luke, the hacker could be inside the house. Just take a minute and go to the nearest lab and have your blood and urine taken ASAP for foul play, and submit this to a toxicology lab for analysis. You have been sick lately; could there be foul play here?”

However, the developer doesn’t think that’s possible.

“There’s nobody that competent in my house.”

Changpeng Zhao, the chief executive of top crypto exchange Binance, told Dashjr his security team would freeze the stolen Bitcoin if it arrived at his exchange.

“Sorry to see you lose so much. Informed our security team to monitor. If it comes our way, we will freeze it. If there is anything else we can help with, please let us know. We deal with these often, and have law enforcement (LE) relationships worldwide.”

PGP

Don’t let the name “Pretty Good Privacy” mislead you. PGP encryption is the gold standard for encrypted communication and has been used by everyone from nuclear activists to criminals since its invention in 1991. While the execution is complex, the concept is simple: you can encrypt text, making it unreadable to anyone who doesn’t have the key to decode it.

How Does PGP Encryption Work?

Imagine you want to send someone a letter but don’t want anyone except the recipient to be able to read it. The best way to do this is to write the letter in code, but you can’t send the code key along with the letter, as that’s not very secure.

PGP encryption gets around this problem using public key encryption. Everyone is assigned two keys: a public one that you can share with everyone and a private one, which you keep to yourself. What makes this system possible is that the keys only work one way. If Key A encrypts a file, Key A cannot reverse the process and decrypt it. Only its pair, Key B, can do that. Here’s how it usually works:

  1. Write down your message.
  2. Find your friend’s public key. He can email it to you, have it listed on a site, etc.
  3. Run a computer program that uses the public key to convert the message to code.
  4. Send the message. Anyone who intercepts it will only see gibberish.
  5. Your friend receives the message and runs it through his private key to decode it, restoring it to plain text.

This is a vastly simplified explanation of the process, but it covers the basics behind PGP encryption. If you want a more technical, mathematical explanation, Hackernoon breaks it down in much more detail.

What Can I Use PGP Encryption For?

PGP is most often used for encrypting emails, and there are many services to help you do that. ProtonMail is one great example of an encrypted email service that uses full end-to-end encryption. Beyond that, you can use your imagination: PGP can encrypt any text you need and can even be used on whole directories and drives. Investigative journalists often list their public keys online to make it easier for anonymous sources to get in touch with them, and sellers on darknet markets often use it to ensure their customers’ personal information stays secret.

How Do I Get Started?

Getting your own key pair is actually much easier than it sounds. You don’t need to understand anything at all about cryptography. You just have to figure out a few simple programs.

Install Encryption Program

  1. Download Gpg4win. This is a free (though you can donate or just choose $0 when prompted) set of encryption packages and tools. For macOS, check out GPG Suite. You can also add PGP to Linux. As I use Windows, I’ll go through the Windows process.
  2. Install Gpg4win. Make sure GnuPG (the actual encryption package) and Kleopatra (a nice user interface) are installed. The other components are optional, but it can’t hurt to have them.

How to Generate Encryption Keys

  1. Once everything is installed, find the Kleopatra program on your computer and open it.
  2. Go to the “File” tab and select “New Key Pair.” Or, choose “New Key Pair” under the “Certificates” tab. The second option is available only the first time you use the tool.
  3. Since you want PGP keys, select “Create a personal OpenPGP key pair.”
  4. If you want to attach your key to your identity, real or fake, you can enter that information here. Otherwise, you can skip this step. If you want to protect your key with a passphrase (which is more secure), check the “Protect the generated key with a passphrase” box.
  5. From the same dialog box, visit “Advanced Settings” and make sure “RSA” is selected. Change the default 2048 to 4096; this key size makes your encryption pretty much impenetrable and doesn’t really slow you down during normal use.
  6. Click “OK” to exit this settings menu, then click “Create” to start creating your key. The program is now generating thousands of random characters to make your keys and will ask you for a passphrase. It’s unrecoverable, so don’t forget it! It’s best to use a password manager to back up the passphrase.

     If you didn’t check the passphrase box in Step 4, you won’t be asked for a passphrase.

  7. You now have a public and private key! If you want, you can back these up in a separate file somewhere, or you can email/publicly upload your public key.

How to Back Up and View Your Keys

  1. You can generate a file with your public key in it by right-clicking the key and clicking “Export.” There are several ways to view your public key, but this makes it easy to access it whenever you want, without the need to use Kleopatra.
  2. Choose where to save the file (it will save as an .asc ASCII file).
  3. Open any text-editing app, like Notepad. Any application that supports .asc files will work.

     If you’re using Notepad, go to “File” and select “Open.” Navigate to your file to view it. You may need to select “All Files” at the bottom right. Alternately, navigate to your file in File Explorer, right-click it, and select “Open with.” Choose the application you want to use.

  4. Open the file with your text editor to see your public key! Beautiful, isn’t it?
  5. You can export your private key by following the same process, except select “Backup secret keys” instead of “Export” in Step 1. Make sure you store this in a safe location or just keep it inside Kleopatra; it’s perfectly accessible there.

These public and private keys can be used with any program that works with PGP, and Kleopatra itself can actually encrypt and decrypt files using your keys. If you want to take them for a test run, try encrypting a text file with your public key and decrypting it with your private key. Use the “Sign/Encrypt” and “Decrypt/Verify” options in Kleopatra.
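
The same test run can be done with the gpg command line that GnuPG provides, which also shows the one-way property described in the five-step walkthrough earlier: the sender, holding only the public key, cannot decrypt the message it just encrypted. This is an added example, not part of the original article. The function name pgp_roundtrip, the identity demo@example.invalid and the temporary keyrings are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: the article's PGP flow using the gpg CLI in throwaway keyrings.
# Prints the decrypted message; exits non-zero if any step fails.
# Usage: pgp_roundtrip 'meet at noon'
pgp_roundtrip() (
  set -e
  work=$(mktemp -d)                        # scratch dir, removed on exit
  mkdir -m 700 "$work/owner" "$work/sender"
  trap 'for h in owner sender; do
          GNUPGHOME=$work/$h gpgconf --kill gpg-agent 2>/dev/null || true
        done; rm -rf "$work"' EXIT
  uid='demo@example.invalid'               # constructed identity (assumption)
  g() { h=$1; shift; GNUPGHOME=$work/$h gpg --batch --quiet "$@"; }

  # Owner: RSA 4096 key pair, as in the Advanced Settings step.
  # %no-protection omits the passphrase only because this key is discarded;
  # protect a real key with a passphrase.
  g owner --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: Demo User
Name-Email: $uid
Expire-Date: 1y
%commit
EOF
  # Owner publishes the public half only (Kleopatra's "Export").
  g owner --armor --export "$uid" > "$work/public.asc"

  # Sender holds nothing but public.asc. --trust-model always is acceptable
  # here because the demo key is known-good; verify fingerprints in real use.
  g sender --import "$work/public.asc"
  printf '%s' "$1" | g sender --armor --trust-model always \
      --encrypt --recipient "$uid" > "$work/msg.asc"

  # The public key cannot reverse its own encryption.
  if g sender --decrypt "$work/msg.asc" >/dev/null 2>&1; then
    echo 'unexpected: decrypted without the private key' >&2; exit 1
  fi
  # Only the owner's private key restores the plaintext.
  out=$(g owner --decrypt "$work/msg.asc" 2>/dev/null)
  printf '%s\n' "$out"
)
```

Anyone who obtains the owner keyring can run that last decrypt step, which is why the private key backup and its passphrase need the careful storage described above.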
