BitGo Software Engineer Benedict Chan has detailed a bug in the company's recovery script which earlier today caused the loss of 85 BTC to new /r/bitcoin user rstn. The bug caused the bulk of rstn's coins to be included as a fee. Chan writes (archive):
We (BitGo) have investigated this issue and determined it to be a bug introduced over a year ago in our fork of bitcoinjs-lib. The exact line of the cause is here: https://github.com/BitGo/bitcoinjs-lib/blob/744b0f76803b8fa233ee3b221364b42bdbf9b7f1/src/util.js#L142
We had since fixed this bug in April 22, 2014 (a month later) here: https://github.com/BitGo/bitcoinjs-lib/commit/fbc7377dbfb3da0fd911f2740c18cfcd41becc1b. However, we missed updating the reference to this fix in the legacy recovery tool.
The root cause of the problem occurred during the output value serialization step when the redeem transaction was constructed. During the process of converting the number into bytes for use in the transaction, bitwise operators were used in this old version of the code, which converted the output value (in satoshis) to a 32 bit int, causing an integer overflow and truncating the output of 10227087437 satoshis (102.27 btc) to 1637152845 satoshis (16.37 btc). Kudos to the other members of the public who discovered this as well.
We would like to thank rstn for his patience and we are in private communication with him to ensure he achieves full restitution of funds.
Block #353672 was subsequently mined by AntPool and while several staff from BitGo have claimed rstn will have his loss reimbursed, it's as yet unknown if it will come out of their own pocket or if AntPool will choose to return the funds. Earlier this year, BitGo announced they would insure user funds but that policy only covers theft.