bc.i had two updates on December,8
First one they published bug, few hours later they fixed it
github.com has only one commit - fixing unknown bug
I was just able to reproduce the bug from the GitHub info:
If you comment out line 29, your PRNG backend will not be initialized correctly
// Random number generator - requires a PRNG backend, e.g. prng4.js
// Initialize arcfour context from key, an array of ints, each from [0..255]
function ARC4init(key) {
Private Key:
20024245551370964114963921214810962636924048065379939224750754889731391894624(DEC)
953251A6CBDFCB91E38B958AB2B5013A503130194D8AA26083F7664E84FDFE49 (HEX)
5JwzcBP4uE5miuJW4tweMbFCz85pWmvXM7e2n6kSG8j9jwKFdTj (WIF)
Edit: Their quality assurance team should have caught this bug if the code was reviewed. It's too obvious.
1Mi8X7NHHYEQR95EnvQSciJ3ChCimt65SK (Bitcoin Address)
This seems to be recovery address from the disaster, 914 BTC total, they've been slowly returning funds to users:
Does this mean the problem was not limited to the reused R values, all transfers were compromised during the few hours while the bug was not discovered? If I understood you correctly, if you seed the RNG with time-stamps from that short period you bump into the transactions which haven't had reused R values, that's how you got this private key?