Interview with johoe, the White Hat Hacker Who Returned 800+ Bitcoins to Blockchain.Info

Published:
17/12/2014 19:54
ET. Journalist:


Today, I had the privilege of chatting with johoe, the white hat hacker who swept over 800 bitcoins from addresses generated with a security error on Blockchain.info’s webwallet. After learning that the insecure addresses were generated on Blockchain.info, johoe returned all of the bitcoins he obtained to Blockchain.info, so they could refund users who lost their bitcoins. johoe is considered to be a white hat hacker because he hacked ethically. johoe continues to return bitcoins to Blockchain.info as he finds them. johoe has received praise from bitcoiners on reddit, BitcoinTalk, and other community forums on the internet for returning the bitcoins.

Users have called him a crypto superhero, a great man, and are asking how to tip him (you can tip him at 15qALUZH5Yg7uMnkyBh8Ub9ZkmVsAVWJie).

Also read: Gentlemen Hacker Returns Stolen Bitcoins to Blockchain.info

CryptoCoinsNews Interview with johoe

Here’s the interview:

The main address johoe used to hold the hacked bitcoins contains over 864 bitcoins, or US$282,800.

How did you initially discover the issue with the reused R values on Blockchain.info?

I have a script that I run regularly that scans for repeated R values. There has been another program producing them since September, so I took a habit of watching that daily. The problem is not new for me. I followed it since April 2013. The program I use is my own one, that I wrote in 2013.

What program was this, and how many bitcoins did you sweep out of those addresses?

The one in Summer 2013 was the Android bug. The buggy RNG [Random Number Generator]. I didn’t sweep much, a few mBTC. But others were doing it as well. That it was Android I only noticed when I searched for one of the broken addresses and found a post at bitcointalk. This was when I created the [bitcointalk] account. I told him that his program was buggy and asked him which [bitcoin client] he used.

Which wallet would you recommend for the average user of Bitcoin that combines security with ease of use?

For small amounts of money one can probably use everything that one finds convenient. I would suggest using some tools that use deterministic wallets, so that one doesn’t have to worry so much about backups. Of course, if one uses a program on the desktop, one should set a wallet password and keep it clean from malware. For larger amounts, that one doesn’t need to access regularly a paper wallet should be used, preferably with the key generated on an offline computer. I use my trezor for this, though.

What is your opinion on the security of Blockchain.info’s webwallet following these incidents?

The bug shows that there is a problem. The patch was changing security critical code and it should have been reviewed more thoroughly. It was just a missing variable initialisation. Careful inspection of the code should have revealed it. JavaScript is also not really meant to program security critical applications. For example, it has no type checking.

How did you verify that the addresses you sweeped were generated on Blockchain.info?

If an address was generated on Blockchain.info at that day it was produced by the random number generator, so it was in my list of random numbers. But I could also attack addresses from which money was spent on that day. In that case the signature contains one random number from my list. I actually didn’t check that I accidentally broke an address that wasn’t related to this problem. There is still some other tool producing the duplicated R values and I’m still wondering which.

But if it happened they should see the note that they should contact Blockchain support. So it is okay :) I’m thinking I found most of the money, but I know that 105.9 BTC were stolen already in the evening (probably by some lucky guy who accidentally created the same address).

Can you explain a bit more about this other program producing duplicated R values?

We are still wondering about it. It has a different pattern. It uses a random R value, but it uses it in one transaction for all inputs. amaclin analyzed some of the transactions and said that they spent to a BTC-e address, but we don’t know much more. Since the program is usually not reusing keys often, there have been not so many broken keys and I think only very few sweeped accounts. I think I still have 0.9 BTC from one account. So if we ever find out [which program has the issue] I will offer it back.

What do you think of johoe’s actions? Comment below!

Some responses edited slightly for clarity. Address summary image from Blockchain.info. Other images from Shutterstock.

This post was last modified on (Eastern Time): 20/12/2014 22:10

Share
Jonathan Saewitz @SuperCryptoGuy

I am a teenager in high school who is very interested in digital currencies. I enjoy researching Bitcoin and other digital currencies, but my favorite crypto is Dogecoin. Please feel free to email me at jonathansaewitz@gmail.com.