The 3094 Bitcoin Theft Which Led To The Creation of The Trezor

Back in 2012, the times were a lot simpler for bitcoin HODLers. As a matter of fact, it would take another year and a half until they were even called HODLers – as the term “HODL” was later coined by the whiskey-drinking Bitcoin-Talk user GameKyuubi.

We’re talking about the early days, when the price of 1 BTC ranged from 4 to 13 dollars throughout an entire year. Today’s volatility margin for a few seconds used to be the entire market cap of bitcoin – and most of the users were cypherpunks, computer nerds, and libertarians.

Consequently, people were a lot more relaxed about security and didn’t consider all of the threat models that make all of us feel so suspicious today. Losing coins was a lot more common, as even some of the more technical users were reckless about using hot wallets.

To their credit, the wallets at the time required users to either recover wallet.dat files (in Bitcoin qt), scan QR codes of private keys (for mobile wallets), or type in the keys manually (that’s right, people used to make payments by entering addresses by hand). It would take another year and a half until the BIP39 standard was invented, so users can convert their private keys into mnemonic words from a dictionary.

March 1st 2012 – Slush Pool’s Linode Backup Servers Get Hacked, 3094 BTC Get Lost

In Early 2012, Marek “Slush” Palatinus was running his operations at Slush Pool (the world’s first mining pool, as acknowledged by Satoshi himself) with a little help from cloud hosting company Linode. Everything seemed to be fine until March 1st 2012, when Slush received an unexpected text message from his pool monitoring service – apparently, his bitcoin reserve had been unexpectedly depleted.

*internally screams*

After undergoing some investigations, the Czech cypherpunk discovered that two of the Linode servers he was running as backups for the mining pool data were compromised – somebody had restarted them and had their administrator passwords changed.

The issue concerned a vulnerability in the Linode manager software – it had nothing to do with the security of the Bitcoin software or the mining pool’s protocols. It’s likely that Bitcoin was becoming a hot topic among computer hackers, as many other Linode instances running bitcoind have been targeted around the same time.

In total, 50000 BTC were stolen from Linode servers on March 1st 2012 – thus marking the biggest theft of bitcoins yet. And all of this happened due to one security update that was succesfully exploited by hackers. Even Gavin Andresen’s bitcoin faucet, which was giving away free BTC, was affected by this unfortunate event. And yes, there was a time in history when people were giving away bitcoins for free just to grow the community and create a healthy economy.

But let’s get back to the exploit: of the 50000 bitcoins lost that day, “only” 3094 belonged to Slush Pool – about $15.312, since the bitcoin price was slightly below the $5 mark. As of March 27th 2021, this loss amounts to almost $169 million. For historical reference, you can view the transaction here.

Slush decided to cover the loss from his own pocket, so no pool participant would be affected by this unfortunate event. However, he took it all as a lesson – since he’d effectively lost the money he earned in months of doing work for Slush Pool, he decided to never allow this to happen again.

The Czech cypherpunk figured out that the issue wasn’t just Linode: it could have happened to any service which is constantly connected to the internet, and can therefore get attacked. And as the interest for Bitcoin was on the rise, a better solution for private key management had to be invented.

The World Meets Trezor: The First Bitcoin Hardware Wallet

After the 3094 BTC hack, it would take another 2 and a half years until Bitcoin security enthusiasts could get their hands on the Trezor. And the price of admission would baffle today’s coiners: 1 BTC ($500 around launch date) for the standard plastic case version, and 3 BTC ($1500 in May 2014) for the metallic case version.

But in their defence, the price of bitcoin spiked from $118 in May 2013 to $500 in May 2014, and it hovered above the $1000 mark in late November. So it wasn’t the best time to use BTC as a unit of account – though the price remained within the $400 range for most of 2014.

The road to releasing the world’s first hardware wallet was also bumpy and somewhat of an odyssey in and of itself – Slush co-opted two friends to create SatoshiLabs (Slush Pool collaborator and CoinMap creator Pavol “Stick” Rusnak, as well as business developer Alena Vranova).

Though they faced issues with the manufacturing and distribution, what they brought into the world was truly majestic: a device which manages your private keys in a secure environment, is as open source and verifiable as the Bitcoin code itself, and only makes transactions if you press a physical button to make the confirmation.

The Trezor is responsible for popularizing the BIP 39 and BIP 44 standards – after it got released, lots of wallets have co-opted the 12/24 word mnemonic words encryption format and added support for the Bitcoin Testnet. Also, due to the open source nature of the Trezor, many other hardware wallets emerged to provide extra features with various tradeoffs: the KeepKey, the Coldcard, the BitBox, the Jade, and the Passport owe their existence to the Trezor design and codebase.

And it’s not like SatoshiLabs stopped innovating after releasing the Trezor. The company is responsible for creating over 50 open-source standards and contributing to lots of other open source repositories (NixOS, Bitcoin Core, MicroPython, and more). More recently, they also decided to pursue the creation of truly transparent secure element chips with the Tropic Square venture (which might produce a new Trezor hardware wallet in late 2022).

It “only” took one Linode backup server hack and the loss of 3094 bitcoins, and now everyone’s coins are safer. So it’s definitely interesting to observe how far we’ve come in terms of Bitcoin security and how our storage methods have become more sophisticated in the last 9 years.

And the best part about it is that it’s all free and open source: so millions of people around the world can work towards improving and hardening the existing security, so no HODLer will ever have to deal with the pain of losing bitcoins in a hack. Now all we have to do is figure out how to convince our friends and loved ones to withdraw their coins from exchanges and embrace financial sovereignty.

Enjoyed This Bitcoin History Lesson? Donate to Bitcoin Takeover!

I’ll most likely never own 3094 bitcoins – but even if I get lots of donations for my work, I’m less likely to lose it. Unlike Slush in 2011, I own a Trezor (and a few of its clones).

So if you enjoyed this Bitcoin history lesson and would like me to write more of these articles, you can send me a BTC donation to this address: 36kcRqKZVW7RvJB9J6f19F34RhvzpKQuj1

And if you’re more environmentally-friendly and use the Lightning Network, you can send me a donation via Tippin.

After making any donation, you are eligible to join the Hall of Patrons – and if you would like to have your name mentioned there, please send me an e-mail and let me know about it.

Also, if you would like to buy a Trezor hardware wallet, you can use my referral code. Though you don’t get a special discount, you’re supporting my work through the small commission that I receive from Trezor.

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

So, what do you think?

Follow Me