UPDATE (15th December 11:15 GMT): Hacker johoeâs transaction history indicates he has received a further 244.2 BTC from compromised Blockchain wallets since 8.23pm yesterday evening (GMT).
When contacted by CoinDesk, Blockchain president Peter Smith confirmed that johoeâs funds had been taken from the same wallet addresses as before. This indicates that certain users are unaware of the hack or have continued to use their compromised wallets despite the companyâs warnings, he said.
Johoe has been contacted for further comment on the issue.
The âGood Samaritanâ hacker who recently returned 267 BTC he took from compromised Blockchain wallets has revealed how he was able to collect the funds and given advice to bitcoin holders wanting to secure their money.
The computer scientist and researcher, who goes by the handle âjohoeâ on Bitcoin Talk, told CoinDesk that each day he runs a script he has written that scans recently added data from the bitcoin blockchain and looks for repeated âR valuesâ.
He said:
âEvery bitcoin transaction is signed by two values â âRâ and âSâ â which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.â
Johoe has been posting examples of such âbrokenâ addresses on Bitcoin Talk for over a year.
Upon running the script last Monday morning, he said he recognized immediately that it had found something. The script, which had discovered only about 500 such âbrokenâ keys in the bitcoin blockchainâs five-year history, had suddenly unveiled 500 more in a single day.
A second script he wrote scanned the public ledger to see if any funds had been sent to those addresses, and was startled to see the amount.
âI had prepared some scripts to assist finding and spending the money from the broken addresses, but I hadnât prepared it for this scale.â
He sorted the transactions, starting with the most valuable ones and sweeping the funds from the broken addresses into one he controlled.
The scripts prepared and signed the transactions, double-checking for correctness and transaction fees, about one every two or three minutes. Some, such as freshly mined bitcoins that can only be spent after 100 confirmations, took longer.
After nearly an hour, johoe had accumulated the first 150 BTC. He ran his scripts again on the entire 30GB+ blockchain, which took longer, but eventually netted a further 60 BTC.
Once all the transactions had been confirmed, johoe posted on Bitcoin Talk that he had the bitcoins and intended to return them to their rightful owners once the problem was fixed.
Why, when he could easily have kept the money all for himself, did he decide to do a good deed?
âI decided this beforehand. I make enough money with my day job that I can live on it. Also this way I donât have to worry that someday someone will find it out. In hindsight, this was a very good decision.â
Running the scripts once more on the entire ledge swept a further 38 BTC into johoeâs wallet.
After seeing Blockchainâs public post announcing the security issue, he connected the dots and realized these accounts must be the source of all the compromised addresses he had found.
The company contacted him after he posted his message to Bitcoin Talk. He then provided Blockchain with copies of his scripts so they would be able to notify the affected users.
Johoe posted again on Bitcoin Talk, saying that the first âbuggy transactionâ took place on 7th December at 21:53:26 UTC.
âIn principle, it should be safe to use Blockchain.info again, but I still see some bad transactionsâ, he wrote on yesterday. The continuing problems could be due to browser cache issues, he added, advising any users to clear their cache and visit their Blockchain account again.
Any users who sent money, or created a new wallet address on 7th-8th December should consider their addresses broken, he said. Even if it was not published on his list of 1,019 known addresses, he could not pinpoint exactly at what time the problem ended.
As an added caution, johoe said that anyone who visited their online Blockchain wallet during that period may have picked up the buggy script in their browser cache, which could potentially affect future address creation or transactions.
Users of Blockchainâs mobile apps on iOS and Android, and the Chrome browser extension, were not affected.
For the past few days, Blockchainâs team has been working hard to process claims and return funds â once the claims have been verified as being genuine.
Johoe said Blockchain had presented him with a âreasonable rewardâ for his efforts.
Johoeâs own wallet solution, as (now famously) evidenced by his Bitcoin Talk post, is a Trezor âVaultâ hardware wallet produced by SatoshiLabs.
âIt made me feel a lot safer than having the private key for 267 BTC on my computer,â he said.
A hardware solution like the Trezorâs isolates the private key from the Internet, meaning in principle it is impossible for a remote party to steal it. His only worry was that the device might somehow malfunction, but in the end it âmanaged everything gracefullyâ, despite taking around one and a half minutes to sign the transaction returning the bitcoins.
The only disadvantage with the Trezor device, johoe said, is the only current end-user backup support is the myTrezor Web Wallet, which does not work on mobile devices.
Otherwise, johoe recommends a client that employs HD (hierarchical deterministic) wallets, such as Bread Wallet on iOS and Armory, Electrum or Wallet32 on Android.
These wallets generate key pairs (private and public) from an original seed phrase that needs only be saved somewhere safe once, and can recover balances from that seed even if a physical device is lost, stolen, or damaged.
Even so, portable solutions are best for spending money only, with larger amounts kept âcoldâ or completely offline.
âFor larger funds, I would not recommend to keep the private key on a computer. There are too many trojans around that specializes on stealing bitcoin wallets.â
Even protecting keys with a strong password might not be enough, johoe concluded, if malware has installed a key logger on a userâs computer that could grab the password and transmit it to a bad actor.
Cryptography image via Shutterstock
UPDATE: A previous version of this article stated that johoe had returned 255 BTC. He has since confirmed that this figure has risen to 267 BTC, attributing the additional 12 BTC to addresses that were only compromised later, due to a browser cache issue.
