See the incident issue in detail at:
April 12, 2020: New CCS wallet is created by fluffypony (on a dedicated wallet laptop, a Purism Librem 14, running Qubes) and the seed shared with Luigi, half via the Wire app, and half via GPG-encrypted email – fluffypony and Luigi are the only parties with known access to the CCS seed.
How did the breach occur?
I see now.
At first I thought, “with only 2 known keyholders and likely 1 single person with physical access to the Qubes laptop, and where the whole key and wallet were probably stored in a standalone offline vault-vm, what the fuck happened?”
Until I read that they held the hot wallet on Windows 10.
Unbelievable. Opsec? What’s Opsec?
While I understand this may be a topic of interest for some of you, it is squarely off-topic in the Qubes OS forum.
Since the OP is not a member (yet) and doesn’t have access to the All Around Qubes category, moving the topic is not an option. There are other venues to discuss the events, and a link to one of them was posted by the OP themselves.
With that considered, I’ll close the topic and invite all folks interested to keep the conversation going elsewhere.