The infamous hacker known as Blockchain Bandit has made headlines once again after transferring 51,000 Ether, worth an estimated $172 million, from multiple wallets into a single multisignature address. The funds had been dormant for nearly two years; the hacker originally stole them through a method known as “Ethercombing.” This process involved brute-forcing weak private keys, a technique that allowed the hacker to guess and access private keys associated with 49,060 transactions. Between 2016 and 2018, Blockchain Bandit successfully obtained almost 45,000 Ether through this method, making it one of the most significant and sustained crypto thefts in recent history.
Blockchain Bandit’s most recent move took place on December 30, 2024, when the funds were transferred in batches of 5,000 Ether each. The first of these transfers occurred at 8:54 pm UTC, with the last transfer completing at 9:18 pm UTC. These funds had been inactive since January 2023, when the hacker also moved 470 Bitcoin. Despite the long dormancy period, the hacker’s decision to consolidate the funds indicates a possible intention to use or launder the stolen assets. This recent activity has drawn attention to the ongoing risks and vulnerabilities within the cryptocurrency space, particularly around the security of private keys.
The method behind Blockchain Bandit’s success lies in the ability to guess weak private keys, a practice that was first brought to light in a 2019 report by Cointelegraph. Private keys are supposed to be nearly impossible to guess due to their vast potential combinations. However, by exploiting faulty code, poor random number generation, and vulnerabilities in certain systems, Blockchain Bandit managed to predict the private keys and access the associated funds. The hacker’s approach has sparked considerable concern among the crypto security community, as it demonstrates the potential for a large-scale programmatic attack on Ethereum-based assets.
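On the defensive side, the failure modes named above (faulty code and poor random number generation) can be guarded against at key-creation time. The following is an added example, not code from the article or from any wallet project: it draws a secp256k1 private key from the operating system's CSPRNG and runs a heuristic audit that flags keys that look truncated, tiny or patterned. The thresholds `MIN_BITS` and `MIN_DISTINCT` and the sample keys are assumptions constructed for illustration; an empty audit result does not prove the generator is sound.

```python
import secrets

# Order of the secp256k1 group; valid private keys are integers in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_BITS = 200      # assumed policy threshold, not a standard
MIN_DISTINCT = 12   # assumed policy threshold for distinct byte values


def generate_private_key() -> bytes:
    """Draw a 256-bit key from the OS CSPRNG, rejecting out-of-range values."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < SECP256K1_N:
            return k.to_bytes(32, "big")


def audit_private_key(key: bytes) -> list:
    """Return the reasons a key looks weak; an empty list means no finding."""
    if len(key) != 32:
        return ["wrong length: expected 32 bytes"]
    findings = []
    k = int.from_bytes(key, "big")
    if not 1 <= k < SECP256K1_N:
        findings.append("outside valid range [1, n-1]")
    if k.bit_length() < MIN_BITS:
        # Typical of a truncated buffer or a small integer used as a key.
        findings.append(f"only {k.bit_length()} significant bits (truncated or tiny value)")
    if len(set(key)) < MIN_DISTINCT:
        # Typical of padding, memset-style fills, or an uninitialised buffer.
        findings.append(f"only {len(set(key))} distinct byte values (patterned or padded)")
    return findings


if __name__ == "__main__":
    # Constructed samples showing what faulty generation code tends to produce.
    samples = {
        "all zero bytes": bytes(32),
        "integer 1": (1).to_bytes(32, "big"),
        "32-bit value, zero padded": (0xDEADBEEF).to_bytes(32, "big"),
        "one byte repeated": b"\xab" * 32,
        "fresh CSPRNG key": generate_private_key(),
    }
    for label, key in samples.items():
        print(f"{label}: {audit_private_key(key) or 'no findings'}")
```
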
While Blockchain Bandit’s identity remains a mystery, crypto security experts have speculated that the hacker could be a state-backed actor, potentially from North Korea, known for its involvement in similar cybercrimes. This recent movement of stolen funds comes amid a rise in cyberattacks in 2024, with crypto hackers collectively stealing over $2.3 billion in assets across 165 major incidents. As the cryptocurrency industry continues to expand, the need for enhanced security measures and better protection against such vulnerabilities has never been more urgent. The rise in cyberattacks, especially through access control breaches, underscores the growing challenges facing the crypto market.