The infamous “Blockchain Bandit” has resurfaced after over five years of silence, transferring 51,000 ETH, worth $172 million, from 10 previously inactive wallets into a multi-signature wallet. The funds, untouched since 2018, have sparked concern among experts who speculate the move could signal intentions to liquidate, launder, or fund new cyber exploits.
Blockchain investigator ZachXBT revealed that all the addresses involved in the transfer were last active in 2018. For newer crypto enthusiasts, the name “Blockchain Bandit” might not ring a bell, but in 2018, it was one of the most feared names in the crypto world. This hacker systematically exploited Ethereum wallets secured by weak private keys, stealing millions by simply guessing them.
The attacker targeted wallets with poorly generated or non-random private keys, often caused by programming flaws or faulty cryptographic libraries. By running automated scripts, the hacker scanned the Ethereum network, identified vulnerable wallets, and swiftly transferred funds. Victims often didn’t realize they had been hacked until days later.
In total, the Blockchain Bandit is believed to have stolen over 50,000 ETH from 10,000 wallets. The nickname was first coined in a 2019 WIRED article that detailed the attacker’s methods. Security analyst Adrian Bednarek was one of the first to uncover the pattern, explaining that some wallets used embarrassingly weak private keys, such as simple phrases or even the number ‘1.’
The Bandit also exploited weak passphrase-based wallets, known as brain wallets, and misconfigured Ethereum nodes. These vulnerabilities allowed the attacker to remain nearly unstoppable in their operations.
The recent activity raises significant questions. Moving funds into a multi-signature wallet suggests preparation for major transactions. These could involve laundering funds through cryptocurrency mixers, decentralized exchanges, or other anonymization tools. Alternatively, the hacker might be planning to liquidate the assets, though selling such a large volume of ETH could impact its market price.
Another possibility is that the hacker is waiting for market conditions to improve. A surge in Ethereum’s price would allow for maximum profits upon liquidation. However, the most troubling scenario is that the funds could be used to finance future attacks, cover transaction fees, or support new exploits across blockchain networks.
This isn’t the first time the Blockchain Bandit has shown signs of activity in recent years. Some funds were moved back in January 2023 and converted into Bitcoin. However, the recent transfer marks the largest consolidation of stolen funds to date. The crypto industry is already grappling with massive losses from cyberattacks. In 2023 alone, losses reached $2.3 billion, marking a 40% increase from the previous year, with Ethereum being the hardest-hit network.
The return of such a notorious hacker is a stark reminder of the vulnerabilities still present in the blockchain ecosystem. Whether the funds are destined for liquidation, laundering, or further attacks, the reappearance of the Blockchain Bandit has put the crypto community on high alert.
