The flat-out denial from the NSA and The White House of any prior Heartbleed knowledge and exploitation, is to be expected, and they would only be saying different if a whistle-blower could prove that they had exploited Heartbleed.
It's inconceivable that the NSA has not studied all versions of OpenSSL from every angle to find vulnerabilities, the NSA had to have known about Heartbleed and must surely have exploited it.
I'm more concerned about the Black Hats out there that probably also knew about the Heartbleed vulnerability and exploited it for criminal activities.
The history surrounding how this vulnerability was introduced (it wasn't in older versions of OpenSSL) needs some serious investigation.
I doubt that Heartbleed is a bug and I suspect that it was most likely deliberately introduced.