On the same day as CCN’s recent interview with “white hat” hacker “Johoe” (self-pronounced as “Yo-hew”), the German security researcher decided to speak out, literally, on Let’s Talk Bitcoin’s show The Bitcoin Game episode #7. Is this the Bitcoin community’s version of a media tour? In the 43-minute program, Jochen (the hacker’s real first name) covers a lot of ground, from how he got involved with Bitcoin to how he initially discovered a flaw.
Who is Johoe?
As it turns out, Johoe is a computer science researcher at a German university. If anyone is looking to figure out who the actual man behind the “heroic” act is, this tidbit narrows down the search. While the whole event seems laudable and should be restorative of our faith in humanity, we have to ask ourselves what would drive someone to steal (or rescue, depending on how you look at it) over $200,000 worth of bitcoins in the first place, and then what drove him to return them.
I watched this problem closely in the last days because there was another application doing similar things […] yes, I found a new key a week or something like that. So, I made it a habit to look after it every day, and this [one] morning I found these 500 new weak keys, so I knew there was a problem here. […] In this commit, the developer wrote what the problem was […] this was my starting point. […] It was clear that if I know the random numbers, then I could basically generate them myself. […] The main motivation was the technical part.
Intent is Everything
Basically, he did it for many reasons, but chief among them is the age-old hacker’s curiosity. This is a bad thing that was happening, he noticed, and he wanted to know why. He notes that the reason Blockchain.info couldn’t do what he did is that they don’t have the keys even though they store them on their server. They store them encrypted, and without the user’s password they have no way of identifying the keys. This explains their asking the user’s password via plain-text e-mail recently, a move that got them some added heat.
No matter how you look at it, it is undeniable that if Johoe had not gotten the coins, someone else certainly could have, using the same already-known methodology, stolen the bitcoins and never returned them.
Johoe also confesses in this interview to sweeping “17 bitcoins or something like that,” or an estimated roughly $5,500. He says it so casually that it leads the listener to wonder if he actually does give a damn, or if the hack in the case of Blockchain.info was so large that he simply felt there was a risk of getting caught and didn’t want to be prosecuted, either litigiously or criminally. In the case of these 17 coins, which were taken from compromised Counterwallet addresses, he anonymously donated them to the address that Counterwallet’s creators had asked for donations through. It is noted during the interview that another hacker with the same capabilities has publicly stated that he does not want to, and has no intention of, returning similarly acquired coins. The legality of the whole thing is so murky that it would seem he just might get away with it, even if all his contact information were known to the community. During this episode, he says, his “conscience” got the best of him, and this was the motive to return the ill-gotten coins to the donation address. We can only presume this is the same reason the nearly 900 coins were subsequently returned to Blockchain.info.
An Opportunity to Clarify Some Things
Johoe wants listeners to know that he did not, in fact, breach Blockchain.info’s servers to prove there were security holes or otherwise. Indeed, doing so would not have netted him the 800+ Bitcoins he acquired as a result anyway. He likes the fanfare he’s recently been the subject of, but took a moment to note the negative comments directed his way:
I liked reading these comments about me. […] There were some who said that they were thinking I was breaking into Blockchain.info just to prove [there were] security holes in there, which I actually didn’t do. So I didn’t even know it was Blockchain.info before I saw the post that they were having this problem with their random number generator.
The first question that was asked by Rob Mitchell was if he was the first to interview Johoe via Skype. Johoe said he was the first from the media, but that Coinbase had spoken to him. The contents of his conversation with Coinbase were not overtly divulged, but we can assume that Coinbase was either a) looking to avoid having such a catastrophic fail take place on its service or b) looking to hire someone like Johoe for purposes either objectively good or subjectively evil.
Johoe states that during his initial work with Bitcoin in the earlier part of 2013 he would find compromised addresses only to then discover that they had already been emptied by someone else. He says he was able to identify this trend because by process of elimination:
You see several different Bitcoin addresses and they were all emptied to the same address, and these were the only transaction to these addresses, only from the weak addresses.
We’ve All Been Schooled by a Benevolent Teacher
The interview also plays as a minor educational piece to those with a weak or new understanding of cryptography, as Johoe takes a moment to explain what an R value is and to expound a bit on how these R values can be as much an enemy when done wrong as they are an ally when done right.
Johoe declined to say what percentage of the Blockchain he thought had participated in unsafe practices such as re-using addresses for sending over and over again. He did note that for Blockchain.info, this practice is quite common. The major takeaway is that it was not receiving addresses that were at risk here, but rather sending addresses that were repeatedly used to send bitcoins.
The essence of the problem with Blockchain.info, it turns out, is that everyone who ran its application began with the same random number pool. There were “only 256 different possible streams.” This made it so the hacker could simply scan the blockchain for repeated R-values and thus determine the private key from there. In so many words – the author is not, himself, a cryptography expert by any means.
Problem Not Isolated to Blockchain.info
The hacker claims that there is yet another program currently still producing duplicate R-values, an under-reported fact that should put anyone with bitcoins on high alert. Until this problem is resolved, from a purely safety-first standpoint, everyone should take care to use the utmost precautions in all things related to their coinage.
As noted in the CCN interview of December 20th, there was a movement within the BitcoinTalk Thread to reward Johoe with donations. At time of writing, the address (15qALUZH5Yg7uMnkyBh8Ub9ZkmVsAVWJie) had only received less than half a Bitcoin.
Supposedly, the bug only existed in Blockchain.info for two hours, but that was enough time, with enough people not reloading their browser, for Johoe to jack almost 900 bitcoins. “I think I’m a good programmer,” he says in the middle of the interview, and for many this would seem a great understatement.
Images from Shutterstock.