Wallets linked to infamous hacker ‘Blockchain Bandit’ have reportedly become active after being dormant for more than five years.
According to crypto researcher ZachXBT, the hacker consolidated 51,000 ETH, valued at over $172 million, from 10 different wallets into a single multi-sig wallet.
Who is the Blockchain Bandit hacker?
ZachXBT’s analysis showed that all 10 wallet addresses used in today’s transfer (the 31st) were last active in 2018. This means the hacker decided to access these funds for the first time in over five years.
So who is this Blockchain Bandit? For those new to crypto, it is likely an unfamiliar name. However, for long-time crypto enthusiasts, it was one of the most intriguing and concerning names in 2018.
Blockchain Bandit Wallet Activity. Source: ZachXBT
The infamous “Blockchain Bandit” is a pseudonym for a hacker who systematically exploited weak private keys on the Ethereum blockchain to steal cryptocurrency. He became known for simply guessing the private keys of several vulnerable wallets and stealing millions in funds.
The hacker scanned the Ethereum network for wallets protected by weak, non-random, or poorly generated private keys. These keys were often the result of programming errors or faulty implementations of cryptographic libraries.
Blockchain Bandit used automated scripts to search the blockchain for vulnerable addresses. Once a weak key was identified, the attacker would quickly transfer the funds from the wallet to their own address. In most cases, it took days for the owner to realize the theft.
In total, the hacker managed to steal over 50,000 ETH using this simple technique from over 10,000 wallets. The name ‘Blockchain Bandit’ came from a 2019 WIRED report that revealed the pattern of this attack.
At the time, a security analyst named Adrian Bednarek identified how the crook used a pre-generated list of keys to automate scanning and withdrawing funds from vulnerable wallets in seconds.
“See, on Ethereum, private keys are 256-bit numbers. Brute-forcing one is basically impossible. But some wallets were using terrible random number generators, creating weak private keys. Think: password123 or an empty recovery phrase. One key was literally… ‘1’. Bandit didn’t just target bad private keys. He also exploited: wallets based on weak phrases (like ‘Brainwallets’) and poorly configured Ethereum nodes. His approach made him nearly unstoppable,” wrote Web3 analyst Pix.
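To make the weak-key classes described above concrete, here is an added example (not code from the article or from the researchers it cites) that a wallet developer could run against a freshly generated key before funding it. The function names, the thresholds and the short phrase list are assumptions made for illustration, and the passphrase check assumes a single SHA-256 hash, one common brainwallet scheme.

```python
import hashlib
import secrets

# Order of the secp256k1 group; valid private keys are integers in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample of guessable phrases (illustrative, not a real wordlist).
SAMPLE_PHRASES = ("", "password123", "ethereum", "hello")


def audit_private_key(key: bytes, phrases=SAMPLE_PHRASES) -> list[str]:
    """Return the reasons a 32-byte private key looks weak (empty list = none found)."""
    if len(key) != 32:
        return ["not 32 bytes"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside valid secp256k1 range")
    # Keys such as 1 leave almost all of the 256 bits at zero.
    # Threshold of 128 bits is an assumption chosen for this example.
    if value.bit_length() <= 128:
        findings.append(f"only {value.bit_length()} significant bits")
    # A stuck or unseeded generator tends to emit repeating bytes.
    if len(set(key)) <= 4:
        findings.append(f"only {len(set(key))} distinct byte values")
    # Assumption: the passphrase is hashed once with SHA-256.
    for phrase in phrases:
        if hashlib.sha256(phrase.encode()).digest() == key:
            findings.append(f"equals SHA-256 of guessable phrase {phrase!r}")
    return findings


def generate_private_key() -> bytes:
    """Draw a key uniformly from [1, N-1] using the operating system's CSPRNG."""
    return (secrets.randbelow(SECP256K1_N - 1) + 1).to_bytes(32, "big")


if __name__ == "__main__":
    samples = {
        "key equal to 1": (1).to_bytes(32, "big"),
        "hashed passphrase": hashlib.sha256(b"password123").digest(),
        "CSPRNG key": generate_private_key(),
    }
    for label, key in samples.items():
        print(label, "->", audit_private_key(key) or "no weakness found")
```

An empty result only means the key matched none of these patterns; it does not prove the generator that produced it was sound.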
Why is the hacker active again after five years?
While these specific wallets became active today (the 31st) for the first time since 2018, some of the other wallets were used to move funds in January 2023 and purchase Bitcoin.
However, today's transfer (the 31st) marked the largest consolidation of all ETH funds stolen by the hacker. This could indicate several things.
First, moving funds to a multi-signature wallet could indicate that the hacker is preparing for a large transaction or series of transactions. This could include laundering the funds through mixers, decentralized exchanges, or other tools to obscure their origins.
Furthermore, consolidating funds could be a prelude to liquidating some or all of the ETH. In fact, liquidating such large amounts of ETH in the current market could raise concerns about Ethereum's short-term price.
On the other hand, the hacker may anticipate favorable market conditions, such as a rise in ETH prices, to maximize the value of their stolen holdings during liquidation.
However, more worryingly, the consolidated ETH could be used to fund new attacks. For example, to fund transaction fees for a new series of attacks or to enable operations on other blockchain networks.
Overall, the possibility of such an infamous hacker becoming active again could be a concern for the crypto space. We have already seen the industry lose $2.3 billion in 2023, a massive 40% increase from 2023. Ethereum was also the hardest hit network among these attacks.
The article Hacker Blockchain Bandit Returns and Moves $172 Million in ETH was first seen on BeInCrypto Brasil.