A white-hat hacker who was able to take 255 BTC from Blockchain wallets following a security flaw earlier this week has returned the funds.
Bitcoin Talk member 'johoe', an account 1.5 years old but with only 21 posts, had always stated that he or she was taking the funds for safekeeping and would return them, writing on the forum:
Johoe then posted a page of 1,019 addresses said to be compromised, and invited users to check if theirs was one of them. Blockchain CEO Nicolas Cary confirmed to CoinDesk that the funds had been received.
Even before the funds were returned, Blockchain had admitted it was at fault and promised to reimburse any users who had lost money.
Random number flaw
The problem that led to the vulnerability was reportedly that wallets were generated with previously used 'R-values' in the formulas that generate random numbers, meaning a hacker could use the public address to calculate its private keys. If R-values are unique, this should be impossible.
For the technically-inclined, Blockchain CTO Ben Reeves has pointed out the mistake in the code on Blockchain's GitHub page.
Blockchain posted in a statement that the issue affected web wallet users who had created a new wallet address or sent funds from an existing address during the period the vulnerability was live.
Still solving the problem
Customers on Bitcoin Talk and Reddit, while relieved their funds were swept by someone with good intentions, are now contacting Blockchain to prove their losses and have them returned.
At this stage, however, it is not 100% confirmed that all funds removed from Blockchain wallets were under johoe's control. At least one user has claimed that nearly 100 BTC missing from his wallet have gone elsewhere.
Blockchain is in the process of examining "thousands" of customer claims and support tickets for authenticity before reimbursing.