An “ethical” hacker has returned 255.04297985 BTC taken from users in blockchain.info’s most recent security flaw. Named “johoe” on the Bitcoin Talk forum, he :
“There were a large bunch of new broken addresses today (several 100s in one day). I took the liberty of saving some funds before they got swiped by others. If you can convince me that they belong to you (signing a message with the address is obviously not enough; the private key is already known), I will send the funds back.”
The hacker posted a with 1019 compromised addresses, in line with Blockchain.info’s recent that several hundred addresses may have been affected.
“Joehoe” went on to post a photo showing him returning the funds with his Trezor wallet. After initially offering to return them to each user, they have been instead sent to Blockchain.info, who will validate claims.
Ethical (white-hat) hacking is a contentious practice, at times employed by companies or even governments to test the robustness of security measures. Legal experts have pointed out that such practice is prohibited according to the letter of the law.
Blockchain.info said that the most recent security flaw arose from wallets being created with recycled ‘R-values’ in formulas that generate random numbers, allowing the private keys to be calculated from the public keys.
For users incurring losses due to , Blockchain.info said out of its own pocket, acknowledging their fault in the matter.