Reused R values again

[CIYAM]

But a C++ program is a C program encrypted with a very strong encryption method. 

Hmm... well I know this is a joke but I do hope others know that C++ is not just C with some additions (they are almost as different as Java and JavaScript).

[1713301758]

1713301758

[1713301758]

1713301758

[1713301758]

1713301758

[lontivero]

The prng code is 30 lines.  It was trivial to resolve the few syntactic differences by hand.

Hmm... I used to test potential employees with less than 30 lines of C++ that only one out of one hundred understood perfectly so I guess that you must be an extremely good programmer.

But a C++ program is a C program encrypted with a very strong encryption method. 

+1. It is my favourite write-only language after perl 

[bcearl]

Okay, I hope everybody closed the browser tab with the blockchain.info wallet that he opened 10 days ago. Because now everyone following this topic will implement his own rng cracker.

It would be more important that wallets start implementing RFC6979-style signatures, otherwise these kind of bugs will always come up.

[goosoodude]

... If I understood you correctly, if you seed the RNG with time-stamps from that short period you bump into the transactions which haven't had reused R values, that's how you got this private key?

https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c

In a nutshell, just poor seeding of the RNG.

Because line 29 was missing from the original source code file (rng.js), the length of the key variable used in the function below ARC4init(key) from prng4.js is always 0. Which means you are left with only 256 possible seeds. Each of the 256 possible seeds produces its own sequence of numbers (which you can assign to some variable, for example k or d, etc) which can be used for secp256k1 point multiplication.

secp256k1: (G=base point, k=ECDSA nonce, d=private key)
point R = k*G (used for ECDSA: k and x-coordinate)
point Q = d*G (public key)

// Initialize arcfour context from key, an array of ints, each from [0..255]
function ARC4init(key) {
  var i, j, t;
  for(i = 0; i < 256; ++i)
    this.S = i;
  j = 0;
  for(i = 0; i < 256; ++i) {
    j = (j + this.S + key[i % key.length]) & 255;
    t = this.S;
    this.S = this.S[j];
    this.S[j] = t;
  }
  this.i = 0;
  this.j = 0;
}

Thanks, very informative. I assume then that the problem is fixed at the Blockchain.info end.

The earlier issue was due to counterwallet. Does that mean that Blcokchain.info has no issues now?

[johoe]

The Blockchain.info issue should be fixed by now.  There are still coming some bad transactions but they dwindled down to one or two per day.  Also there are still transactions to the broken addresses, which usually get sweeped by either amaclin or bc.i or others, whoever is fastest.

I wanted to do a little after-math of how much money was moved by whom.  It is hard to get exact numbers.  Often I have no way to know whether a transaction is legitimate or if someone is stealing money from weak addresses.  I think every item on the following list is correct but there may be more.

• 870.7 BTC saved by me (they went through 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP)
• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
• 53.0 BTC saved by Blockchain.info
• 36.2 BTC stolen by various 1xy and 1aa addresses.
• 3.7 BTC saved by bithernet (1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh), not yet returned
• 0.24 + 0.084 + 0.016 BTC stolen by 1824bso2XgKTm7XThA75A2gdMpt3jSxW5M, 15hM4CMs7JZ3JjQHmvGhS4NKSsqhKMsQXu, and 1MKSWH9pShsLdV54cRLDQ9JKarsjXK4ms5

That's about 1070 BTC total.
Did I forget something important?   For all I know, there could be 100 BTC sweeped to various addresses, or the list could be complete.

[BitPappa]

The Blockchain.info issue should be fixed by now.  There are still coming some bad transactions but they dwindled down to one or two per day.  Also there are still transactions to the broken addresses, which usually get sweeped by either amaclin or bc.i or others, whoever is fastest.

I wanted to do a little after-math of how much money was moved by whom.  It is hard to get exact numbers.  Often I have no way to know whether a transaction is legitimate or if someone is stealing money from weak addresses.  I think every item on the following list is correct but there may be more.

• 870.7 BTC saved by me (they went through 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP)
• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
• 53.0 BTC saved by Blockchain.info
• 36.2 BTC stolen by various 1xy and 1aa addresses.
• 3.7 BTC saved by bithernet (1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh), not yet returned
• 0.24 + 0.084 + 0.016 BTC stolen by 1824bso2XgKTm7XThA75A2gdMpt3jSxW5M, 15hM4CMs7JZ3JjQHmvGhS4NKSsqhKMsQXu, and 1MKSWH9pShsLdV54cRLDQ9JKarsjXK4ms5

That's about 1070 BTC total.
Did I forget something important?   For all I know, there could be 100 BTC sweeped to various addresses, or the list could be complete.

Thanks!

[lontivero]

• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ

They were sent to this address at approximatly 00:50:20 GMT 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
Within 17 seconds of me depositing 100 btc into my account they were stolen and transfered to another address without me even being logged into the blockchain wallet servce.

I robot that scans new transactions (timestamped or not), awsome! 

[bcearl]

I robot that scans new transactions (timestamped or not), awsome! 

The thief's transaction was even in the same block. That thief was quick.

[Supercomputing]

• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ

They were sent to this address at approximatly 00:50:20 GMT 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
Within 17 seconds of me depositing 100 btc into my account they were stolen and transfered to another address without me even being logged into the blockchain wallet servce.

I robot that scans new transactions (timestamped or not), awsome! 

Sorry mate, this bug was trivial to exploit by others. It took me less than 30 minutes after reading this thread to reproduce the bug. Which also included using block blockparser (https://github.com/znort987/blockparser) to compute and extract all compromised Public Keys and ECDSA signatures from the block chain as a result of this bug. Blockchain.info has no valid excuses if some of the BTCs were stolen by dishonest people and should be held accountable. Use Blockchain.info at your own risk.

Thanks to johoe for his honesty, we need to greatly outnumber the dishonest people looking to make a quick profit at the expense of others.

How your address was compromised:
114341855106315163431732800342145048132004074228743866970475626282250711110702 (DEC)
FCCB325269DDDA26D3D25870B9B326ED480B75FCBDCEA076964A87DDA590942E (HEX)
5KjcrjKnEofg5752fx8fGYPzXBaeQVHTdSqCuCzKR17VLULCeTW (WIF)
1QCRoj5dPAsADvzd2o7NBy6kywBEkfC1Xh (Address)

Poor seeding of RC4 (with only 256 possible seeds)
Generate a sequence of numbers with each seed (a sequence length of 256 should be sufficient)
As a result, you are left with 65,536 (256 * 256) possible k or d values for use with secp256k1.
Compute the scalar multiple of the base point G and compute Hash 160 (will be the Public Key)
Compute the scalar multiple of the base point G and the x-coordinate (will be part of the ECDSA signature)
Use  blockparser (https://github.com/znort987/blockparser) to search only for those possible 65,536 Public Keys or ECDSA x-coordinates (trivial modification to blockparser is necessary)
Output all compromised public keys

Number of hashes (Hash 160) loaded from the block chain: 57294273

Number of RC4 generated private keys to load (Round 1): 256
0 = 188941a3375d3a8a061e67576e926dc71a7fa3f0cceb97452b4d3227965f9ea9
1 = 80e0e182029293933495766768783a1b5cae0f766117c4c6885a3c2e2a3496d
2 = 106a2f3983db8d2e5845aee5c0134d20b419d241185528f02742429fd505bc2
3 = a211d6404bea71cd1be2ad397f9f663624a24fb0f48b5abdcc00137729b43758
4 = 27340f7f04afc7c96b88fd5666a426368cd7ed9349656eda08d1d3ec643e6a2b
5 = c73dbee8b24f1968ad7edd2b7fa1e9eb88c5449ae0ac3c22a21d3193757cac84
6 = 46fa23a9a3a219c770e80887113640f2b0e8b60af9ebfbfda42978ae9c6073fd
7 = 8828e80332162093ac404ace9e772319e9c6981542b55d2d8d37e837974b1138
8 = fca55b66be0ef788602913c38dcac2ae1845d80fc5775c33f719b85152f2786b
9 = dd74fd1a0daf41bb43cbbccb84a87e08f0747be4576536f90c97656526882ac6
10 = e4c3b6b4ee03a31c6688e75632cafe49da9778c05dff48ea5918210c4cc6699f
11 = 562388dc1f3ac07af72034c94e73aeeb2a9a9ac2012da8279ddf9cf28b8cdcd0
12 = f7eba4f7f692960b066fa653f16f0e32570d04bbb0f070060980dd0628ab1b26
13 = 741d26b69f44fc53e15c5aa6cc3d1c1a1afa79e35fa726b1f06bd409fdad4bf6
14 = cfb47f795df9a625c3d10ec5a321b0a2883f5a10a30a9723fdc6f5e3cd085be0
15 = 61c25d4d7b90b648a4cdba902419241f0fd37c72137515bce1a029b3bfaf06ed
16 = a632305a5575f33dcf16d9554f0562f0e245cd344c13ee1272ce7170aaff73ca
17 = 8b0f177cf68643215af609703f6b8028fe1f43e39dc0e3a4ed90738b3456b119
18 = 2e3fd17dc5f81c7d96d8799588ca64fb3578d8a122d8981f66f41ed47a39bf67
19 = 909c9d9ad33030a6eefdd400b5f72ebe6b90bd1767630e1cbfc4dd1c26752073
20 = e3f976c565e1da1b7b31d257859de54cbca39e6820a59c7c887a9c64dc1d85f6
21 = 3cd56453d5dc442aac71f515f92722a63c629ca83165ac3e7c1186b85f832a29
22 = 2c4552439ec5b31916a6b07edc8652be3988689643d9e295883e4390822c3460
23 = a1701261d9550a677a01d94be6eb24b1ece0911ab8dd08a54f963e7228076a09
24 = 3dc0550fea0d565ea64fde87867b81ce28c3ff309f3c0854322eab3cc5941ca0
25 = 3ed44c61b9e51d2dc4e36ab89a14da9cfe1565e35792db645d13921a5f99e83
26 = efc4529526e037d9eb9bf83d59387bb04dccc761003519cff59b2644d8c5869e
27 = 1b8bf002d90b6872dd92f17b23789d52e74372480e06b2285ab1db667f2bd2b7
28 = e11750eb0eacfedd8d8ac3984b1a98abad84f9cd1826e4f1d325bc23821a901a
29 = 762ed230918d5a22c46682a4c8458215cbf4c21948eceeffab39ae8b87321e77
30 = 7a5c599b3ffe2034016a9f0798f8ed929981c008a030a91d4bd5522488f9a6e0
31 = ddf244e12d7f00d43664be7fdb01bbae394297880308e416fdff57e8670ce61e
32 = ed0af2cf7318e31df938fe3ca57e7cbe5bd3e563cb7e290a5be1d09ef49e03b1
33 = 268c2d282b55c2dcceca3d478e6dc4597a975ef478fafc6149b67326f57c65f3
34 = 6f380ecf1da59804a9f0baa300d1e69ab4f8f4e3a07f60d2444c38b6fc2de7b1
35 = 6d91c54b15ef8047159b48fdcb4697b88eea010aef851d839fc50ed5bf93eb06
36 = 1f053af2341731297af0535fcd6c85e91efafe3ceb4616f12dac83737a588a4e
37 = 7e0bf4a11e67b21788c438fe6da3cb8f9ecef2495e4ef49e5fa84fec050d2e18
38 = 197dac4597ab0246fb2166c8fddc3e3ba31b86830baab134ffccc04c64bf73c5
39 = 3fbb21d9cae044910360ef49dbf89044740d29dc2f351cf7c75ab7a2ac1dd179
40 = 31ba0d1dc1eda2d77b6bfda69b2eb050db6bdaf474c12e99784b7929327c2a51
41 = a1a38f716fd8e029bd23c8972c7eb045cb369f224c5635d2cdf649662635aa6e
42 = 127effca11359e7f06c6f0ffeca469ebaaaa9bcabeb6551d3660a114050817b4
43 = 12a13bf73d68271bcb3ed4ad4c165e10e13debea179a326aca1d4b43fda54b15
44 = d15d191dc8087050aeca0bd742ed6a74bb9de17957daece6d08f1254b40b639b
45 = 6b49d33c950afa68b6a0c355cb9e2f147360157ac1a3c2673506574e23b4a6f1
46 = ebd8586251eba5612e7f0ae1461b85e7d6d01870ed72cae8757373597800971
47 = 67f81ca59a5ca45fc44dadab563516fcc5f241a91caeb494a5425ffa4268a931
48 = 7fa680c37bd42734ffe274f1665eba87062cee556e04b2893efcaecfac7b9e8d
49 = 1ac26d9747ea72743c1dbd4a67a0f456f14a1d6f2f723366b8a3eba53c09b33d
50 = f7a0032b47e85a09f1ec95e7878e5ce776b85d08b2d977a44558d3b899801c9b
51 = 50fa8eb14ee500784771439e20c37ada7ffe8ee5d7e738b5757d33cd8ba248e6
52 = dff40885eb8184959b0e17ff1d27e5b93aa5e4a9b796d79bf9b9e8773cdc40d4
53 = 7a4a0d8afc49eb9bd7c4dc5b4984254e6b5936a9a9f3f107186dd9920d58d269
54 = 59b77e8aebd0cb82661dd174ed9bd21b05a37c6cd1bfad69e2ec7799253d81d3
55 = aed9060b90ede60b9368a6620a6fe59e1acb360dbad1dcdf6ea8974b6be0b4c6
56 = 29758d1d7c3e03e84d8262b9506b71f1f9f0e9d9c8bddae245eca3e032c448ef
57 = 947b9e99cb13f7d5a00485815a5bce49a3185e45318d2942ed65744a6654e8b7
58 = a0e4966faca2aa7bf70392146bfc7d79731add9e978e00fea40dd2a25c8378b7
59 = f425e52f3b136316526de66091a6918f4955619d15d535943327d8d161aa0966
60 = 1bb16ad0410d4c364350246db1e8d026a9e8d718efe38e3c77c2e3f35b119e37
61 = 1e68fd5ef1cddd6d013859d6fe0db2d3f5309faee259d759ff172b3220b0c94d
62 = 71e9f58a98882d07bfa114dc7ac46e7b84abc6eb02c3c2e01feb21e8315c2e5
63 = e3e275254fa36a1c4048d58f8f92a291d4dc6c99624745b27076ff039a237160
64 = 792dffcb4caec516dd8159b1e478401a006efae68b96fdfa6799ba17a0285e33
65 = cbe63dc0a3cda1baab695ce4f0352b774592b214a905796a6ba9fd30e0ffc56e
66 = 7f56c8741e546fb97839e4942250487b342c64e25c0bda66d57c88889b8f8ae8
67 = 367e17b7d0bb57474aa124b0cc0a3c48ebee083d84e6da8e6f7da1cd4888cf49
68 = bfa0915178e1b5f4c6f6a7ea51c1ec368a194e1345647224ba3ea4662d462e57
69 = a96d44d458cf190e6740101dbb97c22b56097d88fdfd5eeef9334d71b1a27bc4
70 = 543db1de2743e3e86172aae7de00a1ac43721ee7cf327fc040c0db3739e72d6a
71 = 742757664e2f5a5f8bc99a8d574d7c7eb0be3c8fe289baa19293d3b24c890f55
72 = 6a363def51afce14215cfee38df0791022bde69c42fb58aaf927be7e8186fb28
73 = ee4cc5cb3a4046927530c04d21760383831d94a6916bb786b90b3e8c8843d8e0
74 = ebedff9bbbdfc2e812db9eeae059564899e1c747919fd57b40556b65dda7fabd
75 = c4e50eaaf585ace47a89e775498b41c3e085a13ca33c29a31950cf73f04cce8
76 = 2589ec4268f5bdb274b1713c57711e28454985d603e736fb571da0ca011ac54e
77 = a6164ce9fe651b7ab7dbb2483587db385891b7c430ec93b2a1994f166192e53c
78 = d621ae9ce615353fadbde76d42d2f4b94dd8450d923c596fb10f23f69f697991
79 = dde1374165cf33b1a48e2a1ed9d5243f9ae7a58586bfa22fec61311952e7d2ad
80 = aea264f0ea6e15b9d2d2b5835417852b8e22084b0ea5fbd9d6c7a4e1dc9f8a8d
81 = 2fbcde513b42a44f17c2ae9ee8a8fbc5b200c7a8e38a43f93c1b0b3f3de4f8fe
82 = ba93dbce603143dd1c6bc80425d380a0893879da1c8bad841788750b819c8448
83 = 4c739787e3649b8b00b8ec0398bd7408b00a01945dc3b8f08210d8e8fa49c8b5
84 = 73a299ff4ebdb2156d97ba50e04e06bc5a67da72a10e9862fa52df7486581710
85 = fe68d800f9589a9ed7578a4b3b35450bb845c844e574587b4c2e459d36ade133
86 = b725b564bf2af8fc3cf850d29570b87a3fe93e005aca56ca34af65f75b2420cd
87 = 195901a0e965b8a91f03a29d118c42604e5909a9c23bf2de6bc3b093a637450b
88 = 80f1440e70b6c49c7a8363d456368953469073bdd84793afc918f314efe51785
89 = f6c1c86025d9629901e03d6c267604b2238cc9c72fb2dc12d698db5b19f1ff60
90 = e48043641915cbf387bfed3669bf6cb2116fc8ec6470ae5e0818d0a01761c0d4
91 = b2376f5438690985b4c0e5aae090286b7cf5952a1f9d01b763cc3c458d81c031
92 = e0b6bd2f72864447389b1455ddd945ad140aedc3133b2998411eb0ae1e6e1ac9
93 = a01794aae793e9126860361708f23e1f84f5069ffab273a65077c2ba6ba0d3e2
94 = 8c53c8614c9a9a808dff002a44415c140fcf2f3ec729524bea2a7284d0bb46ff
95 = a687d783c9de8dc7e2ea470f607566f9e1252cc6cc299d615af5cae53ebe8832
96 = e90bab4deb358fb1bf5691a8979af06af248b7613b40bc6a5261d9535da3bdd
97 = bc981e42d9854b2e6dad275c1cc5cb5c6e89d751c24c7c6735a4297ab8bcb8f3
98 = 8ede550e856594f4a62b4c8cd1ae693fb19ea5ad49c46b0dd46ddf6089ed9c4a
99 = 25d395e9ac3605ed61584461c663171819410342401db171ff703a3668929c69
100 = 67992705e9c2bc4c0f35d693f19f4fc3c3490238c698f443362264f66310959e
101 = 96419fece5970f51180460b37aa75f2613463d8f64dbe64db92603eb14023b73
102 = c805f16945503ae9a9fe7399ef0f62b1e3b6e2c423649a2723cbe3ed9bd1ee33
103 = 953251a6cbdfcb91e38b958ab2b5013a503130194d8aa26083f7664e84fdfe49
104 = 4da88d57e9d051f99a464dd1abb47fd4a93e5871f2b6ec3335096afe37e93cb4
105 = 1509317a30002e77f1ed5d6a6e9700eb9e6050eecad2fee29a004e5e53451819
106 = 9a9c3f7ea08ba2589730c20c395797b5e18beb39820636cc049ef05a4ac7a9e3
107 = e2a051c7cfa68e9b66e4bef6c041432e5a32b8b56540d89e709c9960d53e6c55
108 = 8ebc559db2db899e3f0afcd2463f13ac009b68af2cb58e01647ae2628aee9dec
109 = 480cdec2d02dc9e308f67aa0413393a9aa4bed1d4cd1a9c4658b084dedff7fc3
110 = c16ce649c60c9bf8af489000f4fa9be7232122b4b8502a7f27b097b170dd284e
111 = 710f5f9deb3d085c0cbe17e2049464e80a4761d6bbb8638f4a5226d1499f715d
112 = a2728827324ee3d7b2546eb8ec5d41d75b8e9a6feb32cc911c6fabeff6fd782b
113 = 80fd978f79a956d1c5e882d80aee8d241d272380848d9b75073616b0484fa025
114 = 2d2b629439f87a349b4963bfe46ada0070a0cf3815aa49195261c6bcade30ba6
115 = 5b0193937d34a48ae9ee6f373162f762c8b6c2192da420194a99b1faf0b4aa6b
116 = 92148b435876f7486458e76ae7f2e7ccac57fd7240fced4564e856232f3a8461
117 = e22acd31626e032c70a103ff4abaac5f8b447b5c889abd55c8638ad6406c0503
118 = 7ef056211e8138273e007451f6f8966bcf69d32fbe1ad537731923353d01ea4f
119 = c876d383567be423eb3f1374095dda38924c02ffb52fc13c6124c5dc39592514
120 = ae3618c71053d60eef430e5d3b74bfe235b7db754d3439d7b99d0e50a6b82832
121 = 84a44284e74935e9a0aa7337c4813d017f75171bf644f6dcfa00dbf8a8975b52
122 = d3724b5ead2c8937efcac2ee93aebf4134ad683c8beb9d8e9e9a34982593fe46
123 = ad341e28321cb2e98bbfd7a3ea47aad9cc546d5ff7ffce0b0db79ee6e8a88596
124 = 2c660c32ebb1ef6311dbd863fb2a58bfa04fc52cced531a06b7ec2ae1eb305e7
125 = fd83dcd31f1c66a8f3e06fd0992ea21c58fa4e1b69744820258a5d5a800d4ee9
126 = 3b4cb98559c692cf5f6c53099fc5b6fe13e226cf779f206b6623dc42426dac35
127 = 8e59aaa598d9d95bf7f4fb1f953f7c1e3e6eb09b76ed58927310f25fdba8bd03
128 = 8b60fe87057c21c8a860efc73b902061bf3b7adfda06da4ff1fdf831dacf6f96
129 = a1647757376fb4d0ed8ed9974d63abda1c1a149205d035ca094a84f08fe52237
130 = 9c866fbe75a748ee7cfc21267559b5b2958b9492d0c20918d0f0ddd0f48fa931
131 = 983c9217c9dc8e63506cdb2787ca2d0da1c672107823ca5a3804da79d1125880
132 = 7b6ad01241224e9fb65a703f4a110999a61df63de07ae5f51810c302be817b4b
133 = 40dfeac0f9d54e88a2872ca1f1f81910ce157667b2a64ebb5d7545ea0c433c16
134 = 86d0f14b3a2d569514d43c5a1cea21431032364dc6051a48d9b27775e01c6fc7
135 = 8de6e364b6af2a8e7cd732b3e1741e253dd39c759f33a2c0847c60d0e74863c5
136 = 611a0f227fc9868541fc82d8f03c971f869e4fe31ce4240973aba5e0e185cdf5
137 = 4ca974a86ccfc278c4207be58c35612be890a1311c22753c59ff94a4aa50b06f
138 = 195f866d7cdf83787b30de43fc1ceab7f73831c7013f5ee48a2b9539ec6dee09
139 = a0f3adbd6292fe7adea8d834226c5fe78022f9fda84f0fee1d3cd65b1a683be3
140 = fe38ae76286be0719aa073109803015dfce70ab89dfe2bb73233efdaf47a79a2
141 = 41b301b75eb97d62aae5757727870cadf53966b45835231e81e6693533c40685
142 = 1d839eecb8edc4ce17fafe6430cd4f593d422d6000cc7419c243f844359d0380
143 = 4bd0707d04a28f1d40bef158dee970601716064a6923116c900438b289244b08
144 = a6cf0e5dc1c63e5ddc15d04f79343542dba1d2ffa3a7f1687cd34f39b790fe51
145 = 9ea96fc7883a71f57cfbc0ec777356a5a05dfac9fa238f1193a4fcae57074633
146 = 4c1f558aac55d556dead126781d4286adcefec7c8fd52232491e304943c3d822
147 = a161cc2a1698cd1529cf4ecdc634518a2ddcd84a778d3fb37389040fea2f5519
148 = ea87123f790a6ef1a7230bdc673ecfe9467905ac3013607f44b9e25fff233bcb
149 = 69b7eb0cfe9f91cb64450e6081463804d59bab5c08f4c85f835a19b0e73cc23c
150 = 90d7e515f98ae640327d8663266523e4670f91106eb72355634588a44f879817
151 = cac29b7fa85df2e6a28b4f8e9a5fa5e35d0fb0519a27777c0c22fa74a0c2a32a
152 = d77d6e93ba3b73343aefc5bebbe1820f3d258b023040c1077e2eb8a9bdf522ca
153 = b5c56460eb9aa61361549ba0f878de1cdcc3bdce8f2a88f5030fdfb962d1c642
154 = 8a2dcaa49fdb84a179070d98a75027f29731f52e0adbf7ff48131005be45db03
155 = ffe08a1131a13d542ac86ca912f35ed6115e17ac22db472ffad6342fdaef581f
156 = c41cbb098012f7a5148d5c3501b312c4d9d4580931bcf30cea976de6917ce766
157 = cf0cd58548a57f66a6a0b9ea6d64125baf53679ca56e62d49cd72a29defc14a5
158 = b0935ec1508b266b656174272bf645f8180de8a211835266050437744b27be32
159 = ac1baaaba130762601f92c2fe201d883defe9c8cb34baa97699c73c4cf6fa0a6
160 = f1f27bbe75e369bdba5de062d7e0b631346208cf809b94d6f7155db61672ba9
161 = 17ce6a514707a6911c4413c5b1d976ba7ddc90a08b9348626ac08a7a23e4c123
162 = 1467e879f3498c8a4196455590f0adb221c9febdc9a0fb98e5b90e0319754bc2
163 = c6fcec891be5fbed5fd50d9b4f841989e4364a06daf4c1994a47d6d495bd705c
164 = 322a875a5931216bdad704421a7e11c7b8daed55189ad44ffb69c9102fba0413
165 = c1271ff9c877f07014c429b2c1e4be8d08973d5d2725cf5f4b303f75e2aad355
166 = 827c7a4a38ad451043e6d4c42845f3d4896b5b024524e4a336813904182110b1
167 = af4dc8af3042dcb17e18c68c15d5c1522af0b365038ec625d49757004b748e2a
168 = 6c1653d90eb75d829e3b32f6a9282e3500a1d95e89fe1ba757e54eec10bf8c75
169 = 58aeed43c847951f3328384c8461f3b84e39c51a97f7e298b048b8e6aece87f7
170 = 686fe74238d147dd717685ad307b8fb3353de08834d258f3d31ced3c0ba9e3f4
171 = ed007b964373584c7cd267678d895a824e145574e57e956a7cedac36f10b252d
172 = 75116d4a7f53835b18e4e8a3a462acd52b2958c4ac7706d3d798a220b8f1166e
173 = adb4f4a96af2486e3adf8b44bcd967d83d5216967b42f658b8a547e22ac1ef00
174 = 2ad54c2b2b7585817cdf124a78b96c8c1be3c68d87dbbb69b052fa4ca06f9a02
175 = d545132288fbe6f6101d97f90be951a82551da8446a14dc7cd13e99462f6f802
176 = e8da1b70edec22d7c709a0a216af71ff2b0516ab874fd1269f2a485c4a6bc237
177 = 1afa3d40ee5c3cfc84704878d584728d4d46901af296ef3d4a2dad5ff4fb4612
178 = 7f4af06b88d2b642a41a65e55ffa35a52cfa9b80673c1309d6e1f938832b295d
179 = 5f7ed9412a41e4c54ef0810a01b35a4dab4f9b92765689baa8a3e10a2570e2fd
180 = f615c0bb16f9f244c2697260d735ae8707340a387c6bd5506e4fe7eb004ad7e3
181 = e5f4987b89ee0acf77eec01d79c2cb85202c2f81b1a0a1e684c2332ec6c7305b
182 = 70f03da0c402f09d4c7d819c3f7d8a3f5c8a3b6a366b428a1f4868e6f55305b9
183 = f8a1c94eac2f2a0edd6bc0af6726fc695b805c7c7cfc93062e44f5f10d3b4026
184 = 83965d733b2f9992ae762e8d3fa11096205d93716e6b12789e0668c275cd3afc
185 = 7f7590ea11690345b486fcdcf91548f7433b370688b331c30841536bc27f6af9
186 = 6d2c959a8e8c796a37fe4e24c7c05ae39bf8a44235d7880da3a0cb77f6f81a2e
187 = 9fdadccee2e4197bbfad0296cbb4156b8cb0a821b26fb954d02a390a66c1d9a1
188 = f59e6e36131666a38a563f01ebd89894f32358cfd56ade87b3481854be3b97d2
189 = 358c1039175752a69934268a7f6352ace89ae3b65e3cbb401a5e5701ac9e8e36
190 = 898892887e18bc3791b9c58feed9e3fc176ff341d3c53ecbea00c095488e696f
191 = 81349c04be5709e81dbc9fccaf841de05669e9cd9873604d9d17127dcd8da4e2
192 = 6adc9e0b1390a97508a9c5014fb2b01071e522603942651e4d9331db85b62600
193 = 2728fab046498b29c77bbd378ec2cf2fb23c47049511ffeb8a46a20d29f8929a
194 = 71fe736334afaacf9e9fe6ae4037186a0637e7a9ff60af25e4023a199f4067da
195 = 7626bb833897077a6ec0a325d2a6e36d483bdb7ecbaf1c3e3553f06be47d539e
196 = ce8f4b89210a2587f09bd6dda038750f8777e264fc48d2a75ce947d657b92e8d
197 = f521b60fac38ff99a564326579401f8f188b228bbbdfb814c56593cdebcfda31
198 = 720075ca7cedeb7f06561c38b4115977c9f4ebfa50414f5dc91d07c42e9a51ea
199 = 856dd550dd3e9bc111aefbf0a60221f6962e4fc60e5544161ae357c25d776445
200 = ca8ed3f8761e471cf9cf86ab56dfa2b5f927496f78674877edc72b7ad1e6fbac
201 = c2566d4471a012a1ed806d3bf3840250d7000610c5a2cf4429cfa72959483023
202 = e4e6f727897cf410b858b8d0088d8fa1cb9120434e2bc5626eed9314269683da
203 = 22181f4952f2ed436617d2d7788fa8dd6cc5d64cbf39b8d697943cb6e596fdf5
204 = 45145aa83a6ecc3f38d1ca48ddcfc07660c8af37b9abd4a0097ef5cd7d1e15a6
205 = 1b8c10a9bef442c55f167775b4f08d21aafb975595155235047d9b95d3a335af
206 = 2540854d7f6adf54ef209c27c125dbd3561d612d742ebf480f8ec22215462523
207 = 80faeef5aa58bf5df03c9272a1a945b420e1588f8c2f00fba74434aef070172e
208 = 2219035e8da17fd8d4030bfc347e442078565d53b7d06c4e2afd22d94c08828d
209 = 711633da9ca089892499350b8bddf9eed9da479aec9bba3202a22b4be661be06
210 = d8d81d8d79616b81cd70e171986efa1f62aaf02da2e8eb676fdaa6c4fbfe9437
211 = f62290205e4a1e895bd391af8baf6254b6dc50de2a9a4e27971002620b7d230f
212 = 5f9c74b61e8ba633891a87b8affda157029e0d85170d12255a9687d97e649336
213 = a174e255dba8b13bad2272bd7e11a90d5b280c307b1eb8a5103b9f572dd4da52
214 = c9688fcc1723b7382c52108efe95085c63bb03cc549265d957ff762a5aed181f
215 = cf2462552d6e564283adeaf3add5301efac78236c53cc7aedbe2e65b211fa450
216 = cf5424b4a0454c630d39d71c30b6485479c5f36e91834e3dac031dfdedb43e05
217 = d8efbf41f2dc9f5cda3cddbbee76abeead5f1481f5acf8b2296fc3c2444dca99
218 = 23374e33e1416813520eba1e4ffef577e91739766c2a57f13b0e21955a06e49d
219 = 535a86f71e12db8d7f76148ac773ff2cb84b9a4df6877d10b502352d7c32a378
220 = 9c3e6c35081bdcd2f33b0e34612348e1adcb27fa2ecc70935e6731b928e5364c
221 = 7e47577999c119c8b86d8f3fdf314dc854b7ff04119d2e920f61d6e9897fc926
222 = 160333106c26e8178bf4c493823165099371469977dff4d5095378dd6c81fd2e
223 = de293b750e83b0d39672e7c04eb64fbffb957a263f19096211c3fca222904f59
224 = 4e0c049bcf04f59d30afbbbef647a50cc125985420015ce887c38e36d664cf49
225 = 1ba4dc2494c7c80e66aef290c493bc2bd03c5e838a28ce94aa5df108193043ba
226 = 2503f6c6e845b5f01bdfa46ae8c0f33e2c298261074b7d4912d2604c55517a8
227 = 65fa5e5b8ef0a073d5e16a131bfc0c9fa8b93931c71f74d118360d37318ede98
228 = e7f107aea3843c4386784d822b90a94a59c5b66f10db3de6e5c9a4257bd59a4d
229 = fdc3b41087404727003aa6da88911ea88cdd26f6fe2f021fd112d87f65c7cd67
230 = 4ad86a30424a417d62ebd6fd2d2a7f8a0f46cc4bac633a173fd4b04393ba044
231 = bf77ceac6d66df3cbebbc15cdcfa33a3291aff998c6e0135eb64e35f840205c
232 = 91402b112825126b94cec3911197e48445a1fdf6966cdc2a732df84d5875ba69
233 = 8a5156a1f4a3386741be4125fc38748eb73ecbf32dda618c78ee14621265848b
234 = c3311e9998f517a573f8b5aba5a473843fb5b568e2a3ca60b2e9adacfdb960f1
235 = 6728cbaacaf569d3c09403f62130d6ef79edc62fd8f903c85ca9ccaf4cdf0ce4
236 = 55a979e581bdf536fc3b288a07a57a8100f5a7ef20093fce225008ef828de120
237 = 91fb62f1e9e6013ee1563edcdfc15b5f5ed22c8c76de881188e2a0d045100d48
238 = 7089f18780d4dd8593a8e18851e1ba371e1b6cb9a01cd317a79b8a57231bd321
239 = f758b773976f91c117ad1375d5acb63f611367c1797fb51975724c06a7a8a651
240 = 6c5a103cc9503706dbadf257c388fb07150ac56dfe424fb84813645d70e1baf1
241 = 90505783c453339308de56b8bae4afc8321a28fc2db5346784d2cffda8e7c44e
242 = 7e433a595f2e3a649b07332011f3e673788e5e454f00c44efee269b8bf6fdff7
243 = 3c60e61f9b9263bb4e1d495f5afeac8bce37d54949f15d835da8bd5fdc637b8c
244 = 6b27d8f7c9b62e67a19dffef5333ea9f556f69846831b73e4c26fdef81eae658
245 = d7e1f4570eeafe2e5f9c7eb33f7e5221920b4101706917e5ab39d70f15282c50
246 = fccb325269ddda26d3d25870b9b326ed480b75fcbdcea076964a87dda590942e
247 = 8b8bb0dccc3c1f1afa05e2342b7ed3481a0deaf999fe9dfc0bb5aa43861eac95
248 = 9e69f739cdd6bf66ad9f083d3801ed790d1054f7e43403885915513df7a3382b
249 = 8d1a57928a1b293f776ba8b6f99786b167da68c9ceb539b1b4319f90c7b965e9
250 = 7d5aaf6ddb07982c34921c1bd2ed4fc49e7e5585f496e23d4f5f121671ece6aa
251 = 8b390159b19781a8640f229ecf23cb07ba91d6463d0bb2125a6bc4d1ccabec6a
252 = 60c22230ae9fa569431cd975cf6e2e9ce0b2e16097dad2892212b9c745b96c06
253 = e69a721981d35c551ce555ed0d5f24e6ba7e839c0cfe4b49cecfc8ea147f9a1a
254 = 171f993858c19e920d9b90bc0377e0f8609945c2c8eac592dc5936c1643e198c
255 = 252f2470531bb0394b93b4c46fdd9ce8bcf0f16edbbbd3ed4573ec5198b8e6a3


Searching for matches against (Hash 160) hashes:
2 = 7db7c7535e0991649ebfd0306fc386f090526e21
3 = 6b2f1a0c84c08359bca8908d347ab42a9bb4591b
6 = 33b260edb9eb4b5f4b799e8915ea072036a522c5
7 = 4f72a001bc40e65bfa1ae46d8f21f767e3dcc7b2
8 = 16342dbc831017788ef7e0694c38bb66630cfd53
9 = 4e944938de9334373e012958c98e7be6dbae5c4f
11 = 39fb0f691436bb05bc09d94e819bb679cebb34f7
13 = 4a7ddedb2c6d245eef21b953646afb4f5aae7037
15 = b4c441a4047e4dc6f19256b48401c9f168f31c30
17 = 7079bb276d8b6e73caab2743f1ca94bb4eca944f
19 = 329377f7c38ce310432993610727341912ad0280
21 = d0359477f07a8efa89c01cf5eec2b12e34d4eedb
25 = 8e8110e7d9b65e70a6199c3e870b3bddbc293e71
27 = 899ba1d29e06b255e0567e9f0d01b0fcc39927e7
31 = 94489dea0500456ebe147137b062d7063dc67983
32 = 50e95a26fad750accde88223446e93e530e3b6ed
36 = 70e29aaccfdd329f6396614a30ceefcc8cbe9e3b
37 = 42da992ce9da952f5d94813a44363a787f063afb
38 = c723f26735e0cfeb3b546df726a13511dcb074c9
43 = aea0d31298d9c05577740b80ad7423c4a0610817
49 = 8b6e4b4b7fa08df7385f29c3090aaa97cd26b09c
51 = 7697bf7d127e750e2fdd1c288b392d0b50fe15d8
59 = 3836a5a948a9429017582627100c48c1b1d37091
60 = 8285e0c3e27ab69fdd73b92e511c01ed81e268dc
62 = 9b1772cfd3993cde2bf974672baeb8b911bc988b
71 = 714c7dcca2f611adf8ed02ca4fe761e66a22f9a9
72 = f1672e9ee0970a4c68340ed7648f3c26f39f217a
78 = 51e03a6ab6a05c90ba4348e65d8cbddbb16671b3
80 = fb52e723b73db20558dfdf147a262fa9223296a6
87 = 0f01f0891727860457e13c056f3e151a141c0d30
90 = 38c32212a5328c2bccaa53c4c37d2205a1012430
94 = 4ab50d118c59ab745d50340e1e578ec8b35260fd
95 = d7a1538475f71b61c72f7f43b71be4a4c69b0ba9
96 = 4f75a3b1ffc0b86623bbba55b522b68036d734d9
98 = ed9bdae7f82341e249c43e10bb4419b33f7a3805
99 = f7528f21d699a8b01b0225f9af772408f32a343b
100 = f53dad77702e3394f449606c89363bbc9a4b71dd
103 = e329d8c5a6b7e941536293adf69e488215cb4605
105 = 4dc343923bde890759ff5d51d0d1ec688cb8f6a0
112 = eacebd514452fb85aa5b41bb591cc2dc58ac0106
113 = f8de3df8cda4e4a00a7fe711c18ac8dd6e9483a5
114 = 499fd8e6ef22660d0478887c18b975eb123e142b
116 = d167ac5fc49bcad5ea3af1f6027ee176673cfd55
117 = 5e1f5f22ffdab77cc187edfbf33abd3084f9bad8
118 = 377e321e8fdb45ecc3c9e219f90e84c7ab7673af
121 = 5d796ba1049923b80292e508089e90c7d06c7644
122 = 4925fdaf3157cd78847954a89e4d1aea52b78a8d
123 = d4006979f6888bb520ff046d4ddb4565b4efcb52
133 = 51fb1d8e9918b0c8d510cfd261c52914ef2cfb3b
135 = a630220e2903c5890e7a1d47c85e1abf433d2a6b
140 = 0fd0339417478f3bb597c7b03ea53696a401240a
141 = e165904fcd411d8f9a62f1bec975c2e7f892fe3b
144 = a29b42e79c74b6b9a7ae9e67ed4b98a8a1ec22d7
145 = fa50340142612ec217d018a43359db835b2173d2
148 = ff2afcd753c4df9f0115fad27e4c1d8156a54f97
151 = 935e9279487d4e881da00ce94f95eae09f29e60b
152 = 45851539b2202afa66d1624c1b7d10604097855b
157 = 30dd7cbe29ae4bcd5e79e41754d091486c36488d
158 = a9fa6548a8577b56b46a9a9ae9427b59e9d64021
163 = 597029313231744629e4a4837787797d335aa52b
164 = 0c3466fe64d192ffc3df3c85a46a5e9e0f360764
172 = 4867bb6e0bf1c42fe2c30359c852b1b621b391ea
174 = d9bcbc21a062e31ca8aa885f17ed4ce4ed38cc23
177 = 989f7be9bcf1dc2925753d297f71f649a2eec28b
180 = 5d184bb9fc8785bbe92c6332ff4a2c13fee358ef
181 = 5e69252b60a0ff1cf19882b45da6dc565a501ba5
182 = df5e273aa4680d744c603d79196368aadc2f7c47
183 = 3902f373b09acc51a7acd3995f1efba266a8f9e6
185 = 926f4e7881762ab80809484082f96d236fe78562
186 = 7393d4b958228a9682ee584ea5656d0493fdeb23
189 = 23c537028821f079c3b606946d4f93139257fb0e
192 = 2f3fd530bd7f91aba11a47b37fb4622d265b6ecb
193 = a5cd9f5f94af65323d7757c35c319356ca38faa7
194 = 6a2ba20dfaadbae3a19cfe8e7b44504b91ccca7b
196 = c4f18e3b5cf413e192dc9ebf6716952bb027def0
197 = fa04562d4a9d8db8fc444506370521ea335897c8
198 = b3c28d557b4d9a9a4b860d385a1720ce9e5da33f
199 = 1d3a5ef42c787231465d3c6d0a756acc4c506c11
201 = e3a54a26c3209fe2940b507a12277a60a49454ee
202 = cb010887b46569b89ad538dd7c75a5c4af552d5e
208 = d2d703c8dd35e380a3c7b647391556af18fef5ed
210 = eec254fa3a94383c23fa6c4b822e7202d341eb86
213 = aa262474c9d9be0ba7efd6664afdcd51e984b361
214 = 67e0d51ff08bfc162971d164ac7488b5181b6ad4
217 = 953bf994a2a84a2c1b62590161aae9758341cad2
220 = b6041dceae5ef8ad8948dcd1a55921f3800487a8
222 = e45a4f495aaa57d2fd3498aee612e29f18068e1a
225 = f5a04566080ca573301f37a3ee729c04591f2bb1
227 = 9162bf223360617783f0060f5b2e299d557f7be2
228 = cffbcac199998769b9b5a51f6260f5e9754edbaf
229 = 8591d360c86e9b2f4eb60fb1f74567f95a6a8b35
232 = 9508e73f51e6244ff5835b979a247f2ade6b7a32
235 = 5ddc5a6d4a4eb0d673f07ae5174838ef8fdba5a7
237 = 61c141d0e3eba1afeea0e17bfe3ca5f33ac8747c
238 = 7da706f904dfbb68c81381025b54009b4b78ffe2
239 = 36e4bc17cd2f9a5085a5f76387236c1756e5b1e8
242 = 3c098f3d1ea3f967fdfcdf38443d5be6ff6d1469
243 = 39ba305c710188f70d137f9f5c645598d9161391
244 = 6c39b8461a97aa863f78b3d4f242da9dc03ee92a
246 = fe742cdfbc52ba07479f0b84eaf1a17eab016de2
248 = 387668cf3e688750cebeef4d0763b32af482f068
254 = 371ae153fc7bf6a4c507702128bd3f8c644995f2

[johoe]

• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ

They were sent to this address at approximatly 00:50:20 GMT 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
Within 17 seconds of me depositing 100 btc into my account they were stolen and transfered to another address without me even being logged into the blockchain wallet servce.

I robot that scans new transactions (timestamped or not), awsome!  

I doubt it was a bot for three reasons.  (1)  This was one hour after the problem started. Nobody would set up a bot for this so fast, you have to understand the problem first. (2) the money was stolen in two transactions, first 99 BTC, then 0.9889 in a second transaction.  A bot would have taken everything in one. (3) why didn't he set up a bot for all the other weak addresses?

My guess is that someone created a new address and found 5.9 BTC. He transferred that to his other address.  When this worked, he looked for more and created new addresses, maybe also new accounts.  He was still online when the 99.989 BTC arrived and got a notification.  17 seconds should be enough to open the send tab, enter 99 BTC, fill in the address (it was probably in his autofill history), and click send. It was a lot of luck, though.

Sorry mate, this bug was trivial to exploit by others. It took me less than 30 minutes after reading this thread to reproduce the bug.

It took him about an hour from the first weak transaction to the exploit.  And there was no information on the net at that time.
I think this was not directed, see reason (3) above, but pure unbelievable luck.  (It is not luck that he created the same address as someone else - that would have happened often enough that night - but it is luck that someone put the unbelievable sum of 99.989 BTC on just this address).

Blockchain.info has no valid excuses if some of the BTCs were stolen by dishonest people and should be held accountable. Use Blockchain.info at your own risk.

Blockchain.info promised to refund all users (I don't know if this particular case has been resolved by now, though).  They admitted that it was their fault.  The problem has been solved.  Of course, the warning "use it at your own risk" still applies.  It probably applies for every bitcoin client.  I'm not saying something similar cannot happen again.

Poor seeding of RC4 (with only 256 possible seeds)
Generate a sequence of numbers with each seed (a sequence length of 256 should be sufficient)

A sequence length of 256 is not sufficient   I went more than 10 times further and even then I missed a few values that I added later.
But 256 would have been enough to find half of the money if you also attacked the signatures.

Searching for matches against (Hash 160) hashes:
...
208 = d2d703c8dd35e380a3c7b647391556af18fef5ed
...
246 = fe742cdfbc52ba07479f0b84eaf1a17eab016de2
...

BTW, 208 is the address 1LDpUmrwVKSFyXy2czE423dH8yd4K9R9WW that was emptied first.

[itod]

• 105.9 BTC stolen by 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ

They were sent to this address at approximatly 00:50:20 GMT 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ
Within 17 seconds of me depositing 100 btc into my account they were stolen and transfered to another address without me even being logged into the blockchain wallet servce.

I robot that scans new transactions (timestamped or not), awsome!  

I doubt it was a bot for three reasons.  (1)  This was one hour after the problem started. Nobody would set up a bot for this so fast, you have to understand the problem first. (2) the money was stolen in two transactions, first 99 BTC, then 0.9889 in a second transaction.  A bot would have taken everything in one. (3) why didn't he set up a bot for all the other weak addresses?

My guess is that someone created a new address and found 5.9 BTC. He transferred that to his other address.  When this worked, he looked for more and created new addresses, maybe also new accounts.  He was still online when the 99.989 BTC arrived and got a notification.  17 seconds should be enough to open the send tab, enter 99 BTC, fill in the address (it was probably in his autofill history), and click send. It was a lot of luck, though.

Your guess that it was not a bot is probably right, but you are forgetting that in order for the thief to generate the same private keys means he is also Blockchain.info user and they know who he is. Nobody who was not using their wallet had no chance of hitting those keys accidentally. The coins still sit there unspent:
https://blockchain.info/tx/68e250811c2ae572e79811960909b5b9f418d2c977f6ac50226748e3cb808a2a
and the thief will have to return them to rightful owners in order to avoid being prosecuted, if he can avoid it at all since his actions are quite fishy.

[JorgeStolfi]

in order for the thief to generate the same private keys means he is also Blockchain.info user and they know who he is

The thief may be a BCI user, but it would be very stupid of him to use an address that BCI can associate to his person.  He could easily have generated an address with any other software, and issued the transactions without using BCI.

Unless he did first 5.9 BTC transfer within BCI, without thinking.

There are other possibilities, I wonder:

1. The thief may have been scanning the blockchain, like @johoe, looking for weaknesses from the previous (non-BCI) bugs;

2. The BCI programmer introduced the bug on purpose, making it seem an accidental oversight; and then started scanning the queues and/or blockchains for compromised txs.

3. The thief stole the programmer's password at Github and uploaded the bug himself.  (Perhaps he works at github.)

4. The thief hacked into the programmer's computer and introduced the bug on his working copy, which the programmer eventually committed.

Has BCI excluded the last 2-3 possibilities above?

[johoe]

My guess is that someone created a new address and found 5.9 BTC. He transferred that to his other address.  When this worked, he looked for more and created new addresses, maybe also new accounts.  He was still online when the 99.989 BTC arrived and got a notification.  17 seconds should be enough to open the send tab, enter 99 BTC, fill in the address (it was probably in his autofill history), and click send. It was a lot of luck, though.

Your guess that it was not a bot is probably right, but you are forgetting that in order for the thief to generate the same private keys means he is also Blockchain.info user and they know who he is. Nobody who was not using their wallet had no chance of hitting those keys accidentally. The coins still sit there unspent:
https://blockchain.info/tx/68e250811c2ae572e79811960909b5b9f418d2c977f6ac50226748e3cb808a2a
and the thief will have to return them to rightful owners in order to avoid being prosecuted, if he can avoid it at all since his actions are quite fishy.

The thief used Blockchain.info to transfer the money to 1M77f...  The transactions have weak signatures.
I guess the address 1M77f is some address he had with a different wallet.  The transactions sending the money further were not relayed by Blockchain.info.

Maybe he used TOR to access Blockchain.info, or maybe they already have his IP address, but prosecution would take some time, especially if he is from a different country.

I think my explanation fits Occam's Razor best.   If someone uses the buggy version of Blockchain.info wallet and creates a new address, the chance is 40 % that he hits an address that was already used, so this part is not unlikely.  The only thing that seems strange is the large amount.  But unless you want to accuse the original owner of the 99.9 BTC that he had staged this to trick Blockchain.info into reimbursing him, you have to assume that this was chance.  I don't think it was staged.

[LFC_Bitcoin]

What's happening on blockchain.info?

Lots of large transactions, loads going into this address -
1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX

It's almost like somebody is sweeping wallets running down in wallet balance.

I'm watching it go from eg - 63.87553 BTC
to 63.65544 BTC
to 63.4323 BTC

I've just watched it go from 63 to 29.

It's going down all the way numerically.

Very strange.

Edit - Still going - 23.4566 now
Ticking down slowly.


That address - 716 transactions

Total Received   267.74962352 BTC   

Final Balance   83.73226988 BTC   


..................

This is insane, the total received is flying up on this address

https://blockchain.info/address/1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX

[JorgeStolfi]

What's happening on blockchain.info?
Lots of large transactions, loads going into this address -
1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX
It's almost like somebody is sweeping wallets running down in wallet balance.
I'm watching it go from eg - 63.87553 BTC
to 63.65544 BTC
to 63.4323 BTC
[ ... ]
This is insane, the total received is flying up on this address
https://blockchain.info/address/1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX

The BCI page is quite misleading and confuses people all the time, it seems.

The "Total received" field displayed by BCI is a pretty useless number, it is just the sum of all inputs to that address, including "change-back" amounts sent from that address to itself. So it only increases.  The meaningful number is the "Balance", just below it, which in this case is now decreasing.

That 1HWu address once collected many small payments from many sources, with some transactions with dozens of inputs; e.g. https://blockchain.info/tx/c8b71a3f0594a62b66caed2d18729264d65395645dd75a1fefab5c4f49687f4f on  2014-12-21 05:21:55  The inputs did not seem to be in any particular order.  

After that, it has been sending off small payments to many other addresses, e.g. 0.02539274 BTC to 1KeyvxgehPATPnnKYYb4ZckyXCHNzc5PgM, one by one.

The owner of that 1HWu address processes each payment by taking the last input to 1HWu (say, 40.93936457 BTC), sending the small amount to the required address (say, 0.02539274 BTC to 1Keyv) and sending the change (40.91387183 BTC) back to 1HWu.  Thus the "total received" keeps increasing, and each increment is the address balance, which is decreasing.

[LFC_Bitcoin]

What's happening on blockchain.info?
Lots of large transactions, loads going into this address -
1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX
It's almost like somebody is sweeping wallets running down in wallet balance.
I'm watching it go from eg - 63.87553 BTC
to 63.65544 BTC
to 63.4323 BTC
[ ... ]
This is insane, the total received is flying up on this address
https://blockchain.info/address/1HWuTMEpRT8vUVLJ4C6Bkb28wwH3GvZkoX

The BCI page is quite misleading and confuses people all the time, it seems.

The "Total received" field displayed by BCI is a pretty useless number, it is just the sum of all inputs to that address, including "change-back" amounts sent from that address to itself. So it only increases.  The meaningful number is the "Balance", just below it, which in this case is now decreasing.

That 1HWu address once collected many small payments from many sources, with some transactions with dozens of inputs; e.g. https://blockchain.info/tx/c8b71a3f0594a62b66caed2d18729264d65395645dd75a1fefab5c4f49687f4f on  2014-12-21 05:21:55  The inputs did not seem to be in any particular order.  

After that, it has been sending off small payments to many other addresses, e.g. 0.02539274 BTC to 1KeyvxgehPATPnnKYYb4ZckyXCHNzc5PgM, one by one.

The owner of that 1HWu address processes each payment by taking the last input to 1HWu (say, 40.93936457 BTC), sending the small amount to the required address (say, 0.02539274 BTC to 1Keyv) and sending the change (40.91387183 BTC) back to 1HWu.  Thus the "total received" keeps increasing, and each increment is the address balance, which is decreasing.

Ahhh ok.

Thanks

[dabura667]

Reading this thread, I imagine that one infographic with a picture of the sun talking about the number of bitcoin addresses could not be generated because of the laws of thermal dynamics or something.

I imagine a special parody of that with some picture of something that involves roughly 256 of something, and an info graphic talking about how fast 256 addresses could be picked.

Then paste a BC.i logo on it or something.

[548845]

Reading this thread, I imagine that one infographic with a picture of the sun talking about the number of bitcoin addresses could not be generated because of the laws of thermal dynamics or something.

I imagine a special parody of that with some picture of something that involves roughly 256 of something, and an info graphic talking about how fast 256 addresses could be picked.

Then paste a BC.i logo on it or something.

Someone call?

https://i.imgur.com/IL6PV5E.jpg

[Remember remember the 5th of November]

Priceless!

[vivalibre]

I have funds on an old key that should be gone but I just looked and funds are there.
I used it during the time this was an issue with blockchain.info

I want to move it, but it is brainwallet.
When I travel, my preson things and papers get taken sometimes, looked at and copy, but I use bitcoin brainwallet to keep money.

Best idea for me would be multisignature wallet with new keys, but how?
I have offline thumbdrive, tails with truecrypt, but if taken, then money is gone so that will not work.

Would like to know of multisig wallet where I make keys and able with sign when needed, but not store them anywhere even encrypted.
Is this a thing?

Thanks to you!