The infamous ‘Blockchain Bandit’ begins moving storage 6 years later
As we’ve seen over the years, blockchains aren’t quite as secure as some pretend they are.
Rather, even though the technology is one of the most secure ways to store publicly available data, poor coding, social engineering, and the like can still allow bad actors to take advantage of unwary victims.
Guessing game
In the case of the “Blockchain Bandit”, however, the technology worked as intended. The unknown attacker managed to steal crypto assets from up to 732 wallets by a process known as ethercombing – essentially educated guesswork.
A private key for an Ethereum wallet is a 78-digit string of random numbers. Theoretically, this should be impossible to guess without quantum computing or other resources that, as far as we know, do not yet exist.
However, the large number of strings will eventually make it possible to guess a private key by having a low value. Statistically speaking, this will be due to an error or an inexperienced user choosing the key themselves.
“If a private key is chosen at random, then the chance of someone else generating the same key is about 1 in 2256, which for all practical purposes is a 0% chance. Since a private key of 0x01 has about a zero percent chance of happening randomly, we must assume that this value was either chosen intentionally or due to an error.”
A detailed overview of the mathematics involved can be found in this academic article. To summarize, the chance of guessing a private key has about the same probability as identifying one particular atom in our universe.
That didn’t stop the Blockchain Bandit.
Methodical work
Over the past few years, the unidentified bad actor has been scouring the blockchain looking for wallets with private keys whose values add up to the numbers 1 to 732. By doing this for a couple of years, they had amassed a fortune. Their wallet is currently being emptied of 51k Ether and 470 Bitcoin, now worth around $90 million – a sum smaller than many of the hacks we’ve seen during 2022, but no less impressive.
The news was broken by Chinalysis, which suspects that the recent bullish movements in the crypto market gave the attacker the impetus to cash out.
1/ 🚨$90 million stolen funds on the move: After 6 years of hoarding, the “Blockchain Bandit” has woken up. In this 🧵 we cover how the Blockchain Bandit collected this treasure and where the funds are currently kept.
— Chain Analysis (@chainanalysis) 25 January 2023
Given the enormous amount of time needed to carry out such an operation, it is possible that the attacker was actually a state actor – although organized crime or an ordinary individual could also be the culprits.
Binance Free $100 (Exclusive): Use this link to sign up and receive $100 free and 10% off Binance Futures first month (terms).
PrimeXBT Special Offer: Use this link to sign up and enter code POTATO50 to receive up to $7,000 on your deposits.
