Blockchain Bandit, a hacker famous for exploiting vulnerabilities in ethereum wallets, has reappeared, consolidating stolen assets after years of inactivity.
On December 30, blockchain researcher ZachXBT reported that the hacker moved 51,000 eth, worth approximately $172 million, into a single wallet.
These funds were transferred from ten previously inactive wallets, marking the hacker's first significant activity in years.
The Blockchain Bandit
He Blockchain Bandit gained notoriety by exploiting weak private keys on the ethereum blockchain. This technique involved targeting wallets with insecure keys, often set in simple sequences such as “1”, “2” or “3”. These vulnerabilities allowed the hacker to siphon cryptocurrency from unsuspecting users.
The magnitude of these exploits first came to light in 2019, when security researcher Adrian Bednarek discovered the issue during a routine investigation.
It identified hundreds of wallets using dangerously weak keys, revealing the hacker's systematic method of scanning for such vulnerabilities. This approach, known as “Ethercombination”, allowed the automated theft of compromised wallets.
Over two years, the hacker breached 732 private keys and made nearly 49,000 transactions. Its activity peaked between 2016 and 2018, with more than 45,000 eth stolen in just eight months.
After this spree, the hacker's wallets remained intact… until now.
The reappearance of Blockchain Bandit highlights the persistent security challenges within the crypto ecosystem.
Despite advances in wallet technology, Web3 researcher Pix noted that several cryptocurrency users are still vulnerable to similar attacks due to weak key generators, poor wallet practices, and the possibility of human error. the researcher <a target="_blank" href="https://x.com/PixOnChain/status/1873890361434935541″>aggregate:
“The Bandit's manual is not outdated: it is a warning.”
Furthermore, the return of the Blockchain Bandit also illuminates a broader trend of increasing cryptocurrency thefts. This year, crypto losses reached $2.3 billion, a 21% increase from the previous year. Notably, North Korea-linked cybercriminals accounted for $1.34 billion of these losses.
