I'm the security researcher who "caused" all of this by reporting a related bug to blockchain.info, which is why they were touching this critical code in the first place. The broken changes (there were multiple, only one is public knowledge) were pushed into production at midnight on Sunday in the UK. I caught the change and was able to get an emergency message to them in order to get them to pull the plug. Had I not had a script watching for changes like this on their site (previous experience has shown they love pushing broken code and then hiding it in git), it might have been a full 8 hours of sleep later that they could have taken down the website. Unsung hero and all that, but people would have lost a lot more money had it not been for that.
Interesting, so how did you detect that there was a serious problem? Just by code inspection, or did you see a clash on randomly created addresses?
Their RNG was broken at least 4 times before this incident as well; it just didn't get any publicity.
This time it was special. This was the first time they created the same r value more than once. And there were 1000 repeated values in the few hours it was online.
Next time you should exploit a vulnerability, remove the coins and make it public. It will let you collect a good bounty, increase your profile and get hired as a consultant by some company and expose blockchain which will keep the public warned about using it.
That would be gray hat. I am white hat.
I had the opportunity to take all of the money johoe did significantly before he even realized it was an issue. It wasn't my place to go saving anybody's coins; it was, if anybody's, blockchain.info's. I don't know the legality of what johoe did; as far as I could justify in my head at the time, even though it was a "good" act, it would still be breaking my country's law. During the event I asked blockchain.info for permission to sweep the money and return it to the company, but they didn't respond in time.
I'm not sure about the legality, but it was the only way to save the money. I didn't break into other computers; I just took the public ledger and extracted the private keys from that. Usually, if there is a problem with repeated R values, it is exploited within a few hours. In this case it took a bit more than 24 hours.
I wonder why you didn't sweep the remaining coins that required breaking the RNG. When I did this after six days, I was astonished how much money there still was on these addresses.
Lay off playing the concerned. There's a balance that needs to be struck no matter how you look at it. If people don't voice concern about the security practice of a company, there's an assumption that everything is just fine. I've given no information that could aid anybody in finding vulnerabilities in their code.
This is important.
Please refrain from giving a step by step instruction on how to hack people's addresses.
I highly respect what johoe did but I think he got carried away with his new 'fame' by telling everybody how he did it.
Not cool.
I think I never gave a step by step instruction of how to break an address. You are probably referring to the posting on how to break a particular address using a particular chain of R values and other addresses. That description showed how I broke one particular key, but that key didn't have any money anyway. I didn't include the details, or any of the private keys. Of course, you can look up the details at Wikipedia. Or you can find the other step-by-step instructions on the web. The knowledge that it is possible to follow R values over several addresses was already out; there was another thread that started two weeks earlier. Also my posting was at a time when there were already bots sweeping the addresses when they were exploited. I tried to keep the details of the RNG secret as long as possible.
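The two mechanisms the thread refers to, recovering a key from two signatures that share an R value, and then "following" that R value across other addresses once one key or nonce is known, as an added worked example. This is my own illustration of the textbook ECDSA nonce-reuse attack, not johoe's tooling or anything from blockchain.info; every key, nonce and transaction hash below is constructed, and the example assumes the signer's public key is visible alongside each signature (as it is in a Bitcoin P2PKH scriptSig), which is what lets it disambiguate the low-s sign flip. It also handles that failure mode, which the thread does not mention: Bitcoin clients may publish s or n-s, so a naive solve can silently yield a wrong key.

```python
import hashlib

# secp256k1 domain parameters (public constants, as used by Bitcoin).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def inv(a, m):
    return pow(a, -1, m)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def pubkey(d):
    return ec_mul(d, G)


def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, z, k):
    """ECDSA with a caller-supplied nonce k; r depends only on k, which is
    why a broken RNG shows up on chain as repeated r values."""
    r = ec_mul(k, G)[0] % N
    s = inv(k, N) * (z + r * d) % N
    return r, s


def key_from_two_sigs(r, z1, s1, z2, s2, pub):
    """Two signatures under one key sharing r (hence k): solve for d.
    Tries s and n-s for each signature (low-s normalisation) and keeps the
    candidate whose public key matches the one published with the signature."""
    for a in (s1, N - s1):
        for b in (s2, N - s2):
            if (a - b) % N == 0:
                continue
            k = (z1 - z2) * inv(a - b, N) % N
            d = (a * k - z1) * inv(r, N) % N
            if pubkey(d) == pub:
                return d
    return None


def nonce_from_key(d, r, z, s):
    """Known key plus one signature gives the nonce (possibly negated)."""
    return inv(s, N) * (z + r * d) % N


def key_from_nonce(k, r, z, s, pub):
    """Known nonce plus a signature from another key gives that key;
    k and n-k are both tried because of the same sign ambiguity."""
    for kk in (k, N - k):
        d = (s * kk - z) * inv(r, N) % N
        if pubkey(d) == pub:
            return d
    return None


def demo_chain():
    """Constructed scenario (not real chain data): key A signs twice with
    nonce k1, key B signs once with k1 and once with k2, key C once with k2."""
    dA, dB, dC = (msg_hash(b"key " + t) for t in (b"A", b"B", b"C"))
    k1, k2 = msg_hash(b"nonce 1"), msg_hash(b"nonce 2")
    zA1, zA2, zB1, zB2, zC = (msg_hash(b"tx " + t)
                              for t in (b"A1", b"A2", b"B1", b"B2", b"C"))
    r1, sA1 = sign(dA, zA1, k1)
    _, sA2 = sign(dA, zA2, k1)
    _, sB1 = sign(dB, zB1, k1)   # same r1: B's wallet drew the same nonce as A
    r2, sB2 = sign(dB, zB2, k2)
    _, sC = sign(dC, zC, k2)     # same r2: C shares a nonce with B
    # Step 1: A reused k1 against itself; one s is flipped to n-s on purpose.
    recA = key_from_two_sigs(r1, zA1, sA1, zA2, N - sA2, pubkey(dA))
    # Step 2: dA reveals k1, and k1 reveals B's key from B's r1 signature.
    recB = key_from_nonce(nonce_from_key(recA, r1, zA1, sA1), r1, zB1, sB1, pubkey(dB))
    # Step 3: dB reveals k2 from B's other signature, and k2 reveals C's key.
    recC = key_from_nonce(nonce_from_key(recB, r2, zB2, sB2), r2, zC, sC, pubkey(dC))
    return {"A": recA == dA, "B": recB == dB, "C": recC == dC}
```

Each hop in the chain needs only one signature from the next address, which is why a single bad nonce can expose keys that never themselves signed twice; the public-key check on every candidate is what keeps the walk from going wrong on a low-s normalised signature.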