The infamous Blockchain Bandit is back in the spotlight after moving $172 million worth of looted Ether after nearly two years of silence.
This hacker racked up 51,000 ETH by cracking weak private keys between 2016 and 2018, has now consolidated all those funds into one multisig wallet.
Consolidation
ZachXBT, the popular blockchain investigator shared that the transfer happened on December 30, with the hacker moving the funds from ten different wallets to a new address.
The transfers were made in batches of around 5,000 ETH each, all within a quick 24-minute window.
Before this, the stolen Ether had been sitting pretty in those wallets since January 21, 2023.
Interestingly, that wasn’t the only time the Blockchain Bandit was on the move, as they also shifted 470 Bitcoin around that same period.
How to steal Ether?
Now, you might be wondering how someone could guess private keys like it’s a game of bingo.
Well, this hacker managed to loot almost 45,000 ETH by exploiting weak private keys, because unfortunately there are weak private keys.
As reported back in April 2019, the experts uncovered a total of 732 private keys tied to this case, to nearly 49,060 transactions.
The method is the so-called “Ethercombing.” This involves brute-forcing random private keys while hunting for faulty code and unreliable random number generators.
Anonimity
Despite their activities, the true identity of Blockchain Bandit remains a mystery.
Some experts, like crypto analyst Adrian Bednarek, have speculated that this could be the work of a state actor, and North Korea has been mentioned as a potential suspect.
If anyone thinks this is just an isolated incident, think again! In 2024 alone, crypto hackers stole over $2.3 billion across 165 major incidents, with 40% increase from the previous year.
A report from on-chain security firm Cyvers highlights that access control breaches were the main culprits behind this jump.
In fact, these vulnerabilities accounted for $1.9 billion lost from centralized exchanges and custodian platforms.
