My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
the RNG flaw was only on keys generated by android wallets. 
Topic: 1 BTC stolen from BrainWallet due to weak key - page 2. (Read 3924 times)
I did a transaction yesterday using http://www.bit2factor.org/ in which I got about 1 BTC total.
After the transaction, I used the "sweep key" function on Blockchain.info to transfer the funds into my own wallet, and it looks like it moved it to my oldest address -- 1Gj6ubnVGcHcPMmBEhvGXhcQkpusE4vH85 -- which was originally generated as a brain wallet back in April 2013. Before the transaction, the wallet address had a zero balance.
About 4 hours after the sweep, it looks like someone came in and nabbed all the funds and sent them to 1EnuCnYuYadPAp1qTWj8rWxZvb9QQ1vFKz. According to the relay information, that transaction (3a19b0d36c19360cc0794de9b44b2fffd5a1a3a1a0322aed2b033b98f8b957a0) was relayed by 129.132.230.77 which maps to vbitcoin-08.inf.ethz.ch at ETH/UNIZH.
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
I am 100% positive that this was not the result of a virus or anything on my own machine -- I'm a software dev, very cautious about what I download, running Kaspersky AV, and regular scans.
After the transaction, I used the "sweep key" function on Blockchain.info to transfer the funds into my own wallet, and it looks like it moved it to my oldest address -- 1Gj6ubnVGcHcPMmBEhvGXhcQkpusE4vH85 -- which was originally generated as a brain wallet back in April 2013. Before the transaction, the wallet address had a zero balance.
About 4 hours after the sweep, it looks like someone came in and nabbed all the funds and sent them to 1EnuCnYuYadPAp1qTWj8rWxZvb9QQ1vFKz. According to the relay information, that transaction (3a19b0d36c19360cc0794de9b44b2fffd5a1a3a1a0322aed2b033b98f8b957a0) was relayed by 129.132.230.77 which maps to vbitcoin-08.inf.ethz.ch at ETH/UNIZH.
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
I am 100% positive that this was not the result of a virus or anything on my own machine -- I'm a software dev, very cautious about what I download, running Kaspersky AV, and regular scans.
Jump to: