Uncovering Blockchain.info’s random number generator issues that resulted in loss of funds for users.

“incredible cascade of bad decisions”

Mandrik was the first employee of Blockchain.info (he left because of the SegWit2x drama). To verify his claims, I found the GitHub commits posted on Reddit. Unfortunately, Blockchain.info succeeded in taking those commits down, but the URL shows that the commits were made to the Android-Wallet-2 app. And indeed, the developer of that app was William Hill, also known as SamouraiDev.

The Bugs Explained

Although Blockchain.info deleted the commits, this Reddit post explains the code clearly.

SamouraiDev used a custom LinuxSecureRandom implementation that was seeded from random.org. However, when this wasn’t available, “instead of screaming bloody murder like any sensible implementation would” he fell back to the standard SecureRandom class. Seeding this class does not add additional entropy, but replaces it entirely. As a result, users generated wallets seeded solely from random.org.

The next mistake was that he was “using HTTP instead of HTTPS to make the webservice call to random.org.”

But in January 2015, random.org started enforcing HTTPS. However, SamouraiDev made a mistake even here: instead of acknowledging the error, as any reasonable person would do, he silently ignored it and “since that date, the entropy has actually been the error message.”

Furthermore, in his “fix” he was still using random.org.
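
The failure chain described above, reduced to a runnable Java sketch (an added example, not the deleted Blockchain.info commits): a PRNG seeded only with whatever the web call returned, next to a version that fails closed and always mixes in local OS entropy. The class and method names, the sample error body and the status code are constructed for illustration, and the deterministic behaviour shown relies on the desktop JDK's SHA1PRNG, which stands in here for the app's fallback generator.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedHandlingDemo {
    // Flawed pattern: the HTTP response body, whatever it is, becomes the only seed.
    static byte[] keyFromRemoteSeedOnly(byte[] httpBody) throws Exception {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(httpBody); // called before first use: replaces the seed, adds nothing to it
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    // Hardened pattern: reject anything that is not a valid response (fail closed),
    // and hash remote bytes together with OS entropy so they can never be the sole input.
    static byte[] keyFromMixedEntropy(int httpStatus, byte[] httpBody) throws Exception {
        if (httpStatus != 200 || httpBody.length < 32) {
            throw new IllegalStateException("remote entropy rejected, HTTP status " + httpStatus);
        }
        byte[] local = new byte[32];
        new SecureRandom().nextBytes(local); // self-seeded from the operating system
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(local);
        sha256.update(httpBody);
        return sha256.digest();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder for an error page returned instead of random bytes.
        byte[] errorBody = "error page (constructed sample)".getBytes(StandardCharsets.UTF_8);
        byte[] deviceA = keyFromRemoteSeedOnly(errorBody);
        byte[] deviceB = keyFromRemoteSeedOnly(errorBody);
        System.out.println("seed-only, identical on two devices: " + Arrays.equals(deviceA, deviceB));

        try {
            keyFromMixedEntropy(403, errorBody); // constructed non-200 status
        } catch (IllegalStateException e) {
            System.out.println("hardened path refused: " + e.getMessage());
        }
        byte[] remote = new byte[32]; // constructed stand-in for a valid 32-byte response
        Arrays.fill(remote, (byte) 0x42);
        System.out.println("mixed, identical on two devices: "
                + Arrays.equals(keyFromMixedEntropy(200, remote), keyFromMixedEntropy(200, remote)));
    }
}
```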

Incompetence

Randomness is the holy grail of Bitcoin development. What would you do if you woke up to find your bitcoin wallet emptied? Even if you use cold storage, you are damned if someone generates the same keys as you.

Committing a chain of bugs to the most important part of any Bitcoin wallet, where even a single bug would be disastrous in itself, and then introducing another bug during the “fix” is not good. Furthermore, according to the original Reddit poster, this wasn’t even the first occasion: “It was their BUGS on PRNG again!”.