Crypto

‘Blockchain Bandit’ Awakens: $90 Million in Stolen Crypto Moves

A hacker dubbed the “Blockchain Bandit” has finally woken up from a six-year slumber and started shifting his ill-gotten gains.

According to Chainalysis, around $90 million in crypto stolen in the attacker’s long string of “programmatic thefts” since 2016 started moving in the past week.

This included 51,000 Ether (ETH) and 470 bitcoins (BTC) – worth a total of around $90 million – leaving the bandit’s address for a new one. Chainalysis noted:

“We suspect the bandit is moving his funds given the recent price spike.”

The hacker has been dubbed the “Blockchain Bandit” due to his ability to drain Ethereum wallets protected by weak private keys in a process called “Ethercombing”.

The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals around the world since the first attacks were carried out six years ago.

In 2019, Cointelegraph reported that the Blockchain Bandit managed to amass almost 45,000 ETH by guessing successfully those frail private keys.

A security analyst said he discovered the hacker by accident while researching private key generation. He noted at the time that the hacker had set up a node to automatically extract funds from addresses with weak keys.

The researchers identified 732 weak private keys associated with a total of 49,060 transactions. However, it is unknown how many of them were exploited by the bandit.

“There was a guy who had an address who was walking around and siphoning money from some of the keys we had access to,” he said at the time.

Blockchain Bandit Crypto Movements. Source: Chain Analysis

Chainalysis produced a diagram illustrating the flow of funds, however, it did not specify the target address, referring to them only as “intermediate addresses”.

To avoid having weak private keys, Chainalysis advised users to use well-known and trusted wallets and consider transferring funds to hardware wallets if large amounts of cryptocurrency are involved.

Related: Hackers Keeping Crypto Stolen: What’s the Long-Term Solution?

Also in 2019, a computer science researcher discovered a wallet vulnerability who issued the same key pairs to multiple users.