$90 million in stolen crypto seen changing

by Arthur · January 25, 2023

A hacker dubbed the “Blockchain Bandit” has finally woken up from a six-year slumber and has begun moving his ill-gotten gains.

According to Chainalysis, around $90 million in crypto stolen from the attacker’s long-running streak of “programmatic theft” since 2016 has begun to move in the past week.

This included 51,000 Ether (ETH) and 470 Bitcoin (BTC), worth around $90 million, leaving the bandit’s address for a new one, with Chainalysis noting:

“We suspect that the bandit is moving his funds given the recent price jump.”

The hacker was dubbed the “Blockchain Bandit” due to being able to empty Ethereum wallets protected with weak private keys in a process called “Ethercombing.”

The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals worldwide since the first attacks were carried out six years ago.

1/ $90 million stolen funds on the move: After 6 years of hoarding, the “Blockchain Bandit” has awakened. In this we cover how Blockchain Bandit amassed this treasure trove and where the funds are currently kept.

— Chain Analysis (@chainanalysis) 25 January 2023

In 2019, Cointelegraph reported that “Blockchain Bandit” managed to collect almost 45,000 ETH by guessing the fragile private keys.

A security analyst said he discovered the hacker by accident while investigating private key generation. He noted at the time that the hacker had set up a node to automatically filch funds from addresses with weak keys.

The researchers identified 732 weak private keys associated with a total of 49,060 transactions. However, it is unclear how many of these were exploited by the bandit.

“There was a guy who had an address that was going around siphoning money from some of the keys that we had access to,” he said at the time.

*Blockchain Bandit crypto moves. Source: Chainalysis*

Chainalysis produced a diagram depicting the flow of the funds, but it did not specify the destination address, only labeling them as “intermediate addresses.”

To avoid having weak private keys, Chainalysis advised users to use known and trusted wallets, and consider moving funds to hardware wallets if large amounts of cryptocurrency are involved to avoid having weak private keys.

Related: Hackers Holding Stolen Crypto: What’s the Long-Term Solution?

Also in 2019, a computer scientist discovered a wallet vulnerability that gave the same key pairs to multiple users.