A nicknamed hacker the “Blockchain Bandit” has finally woken up from a six-year slumber and started moving his ill-gotten gains around.
According to Chainalysis, Around $90 million in cryptocurrency stolen from the attacker’s long string of “programmatic thefts” since 2016 has started moving over the past week.
This included 51,000 Ether (ETH) and 470 bitcoin (BTC) – valued at around $90 million – leaving the bandit’s address for a new one. Chainalysis noted:
“We suspect that the bandit is moving his funds given the recent jump in prices.”
The hacker was dubbed the “Blockchain Bandit” for being able to drain Ethereum wallets protected with weak private keys in a process dubbed “Ethercombing.”
The process of “programmatic theft” dthe attacker has emptied more than 10,000 wallets from people around the world since the first attacks were carried out six years ago.
1/ $90M stolen funds on the move: After 6 years of hodling, the “Blockchain Bandit” has awoken. In this we cover how the Blockchain Bandit amassed this treasure trove and where the funds are currently held.
—Chainalysis (@chainalysis) January 25, 2023
1/ USD 90 million stolen: After 6 years, the “Blockchain Bandit” has awakened. In this article we explain how the Blockchain Bandit amassed this treasure and where the funds are currently located.
In 2019, Cointelegraph reported that The Blockchain Bandit managed to amass nearly 45,000 ETH by successfully guessing those fragile private keys.
A security analyst said he discovered the hacker by accident while investigating private key generation. He then pointed out that the hacker had created a node to automatically steal funds from addresses with weak keys.
The researchers identified 732 weak private keys associated with a total of 49,060 transactions. However, it is not clear how many of them were exploited by the bandit.
“There was a guy with an address who was going around siphoning money off of some of the keys we had access to,” he said. then.
Chainalysis produced a diagram representing the flow of funds, however, it did not specify the destination direction; it just labeled them as “intermediary addresses.”
To avoid having weak private keys, Chainalysis advised users to use known and trusted wallets and consider moving funds to hardware wallets for large amounts of cryptocurrency.
Also in 2019, a computer researcher discovered a wallet vulnerability that issued the same key pairs to multiple users.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.