White Hat Hacker Returns Stolen Bitcoins

A hacker that stole hundreds of bitcoins from Blockchain.info has returned returned them to the site after they identified a vulnerability on the site.

The mystery hacker, who uses the alias “johoe” on Bitcointalk, could have retained the bitcoins, worth around $90,000. Instead, he or she chose to send them back to their rightful owners via the wallet service Blockchain.info.

The hack was made possible due to a serious flaw at Blockchain.info that made it possible for funds to be transferred out.

On Reddit, one user said that they created a new wallet and deposited 100 bitcoins into it. Within 17 seconds, all of the bitcoins were transferred to another address.

 How Did it Happen?

The flaw appears to have been introduced during a software update that contained flawed code, causing wallets to be generated with previously used R-values allowing anyone monitoring the addresses to calculate the private key and gain access to the wallet. The issue was resolved within three hours, but that was long enough for the hack to take place.

Johoe says that he, or she, took the bitcoins in order to keep them safe before a less honest person came along and stole them. Blockchain.info claimed that less than 0.0002 of the user base was affected, but this was still an alarming incident for that small percentage.

Blockchain.info Issues

Blockchain.info has been highlighted as a potentially problematic wallet service. Users visiting the site using the Tor browser were subject to man in the middle attacks, and some users have highlighted issues with their code. These two errors are the most serious in a string of accusations against the service.

Blockchain.info said that it was working with its users to resolve problems after the Johoe hack, and would be processing refunds in due course. The consequences would have been far worse for the company if the funds had been stolen forever, so Johoe has probably done them a favour. Some users have said that they’re missing funds that haven’t been returned, but this is not verified as a separate hack and is still being investigated.

Blockchain.info is arguably the best-known wallet provider on the internet, and is also the largest provider globally. Thanks to its simple interface and lack of learning curve, it has made bitcoin far more accessible to novices. However, it has been removed from bitcoin.org’s list of approved wallet vendors until it improves its security.

Image courtesy of Shutterstock.com