I doubt it was a bot for three reasons.  (1)  This was one hour after the problem started. Nobody would set up a bot for this so fast, you have to understand the problem first. (2) the money was stolen in two transactions, first 99 BTC, then 0.9889 in a second transaction.  A bot would have taken everything in one. (3) why didn't he set up a bot for all the other weak addresses?

My guess is that someone created a new address and found 5.9 BTC. He transferred that to his other address.  When this worked, he looked for more and created new addresses, maybe also new accounts.  He was still online when the 99.989 BTC arrived and got a notification.  17 seconds should be enough to open the send tab, enter 99 BTC, fill in the address (it was probably in his autofill history), and click send. It was a lot of luck, though.


It took him about an hour from the first weak transaction to the exploit.  And there was no information on the net at that time.
I think this was not directed, see reason (3) above, but pure unbelievable luck.  (It is not luck that he created the same address as someone else - that would have happened often enough that night - but it is luck that someone put the unbelievable sum of 99.989 BTC on just this address).


Blockchain.info promised to refund all users (I don't know if this particular case has been resolved by now, though).  They admitted that it was their fault.  The problem has been solved.  Of course, the warning "use it at your own risk" still applies.  It probably applies for every bitcoin client.  I'm not saying something similar cannot happen again.


A sequence length of 256 is not sufficient   I went more than 10 times further and even then I missed a few values that I added later.
But 256 would have been enough to find half of the money if you also attacked the signatures.


BTW, 208 is the address 1LDpUmrwVKSFyXy2czE423dH8yd4K9R9WW that was emptied first.