Bitcoin Forum
Topic: Sweeping keys generated by weak/low entropy key generation methods: Legal theft?
illinest (OP)
December 01, 2017, 10:51:52 PM

I came across a thread today which was pretty mind-blowing. It details someone's attempt to investigate the source of apparently non-random Bitcoin private key generation code that is in the wild:

Quote
I have evidence that some bitcoin address generation code in the wild is using private keys that can easily be discovered on a regular basis.

The author used his discovery to sweep 9 BTC from Reddit user "fitwear" who claimed the BTC was stolen from their Blockchain.info wallet. He returned the stolen BTC. The story is bloody fascinating and I highly recommend that everyone read it. Injecting a seemingly innocuous SHA256 operation into complex wallet code seems like a brilliant way to siphon BTC from unsuspecting users over a long period of time. The code is still in the wild and we still don't know who is using it.

Anyway, it got me thinking about two things:

1) I've seen both Bitcoiners and Ethereum Classic supporters point to "Code is law" as justification for similar "theft" (specifically the DAO hack in 2016). Is sweeping keys (as above) comparable? Is it "theft", or is it fairly exploiting weak code in a dog-eat-dog world? My gut says it's theft. But on the other hand, I sympathize with the DAO hacker. If you beat the system by its own rules, do you not deserve to win?

2) Ethical questions aside, is this legally theft? If two people generate the same private key due to bad key generation, and one of them takes the BTC held in the public address, who is the thief? Does being the original owner of that BTC legally entitle you to it? There seems to be a disconnect between common law vis-a-vis "theft" and this situation. The "thief" in this case did not hack anyone. No intrusion nor compromise took place. And at the end of the day, the victim cannot prove that he did not move the BTC himself. This makes the situation even more problematic, legally.