After a brief hiatus, the notorious “Blockchain Bandit” has resurfaced as the year ends, consolidating a staggering 51,000 ETH, valued at approximately $172 million, into a single multi-signature wallet.
This transfer was made on December 30.
The “Blockchain Bandit” returns
In the latest update, prominent blockchain researcher ZachXBT revealed that the consolidation originated from 10 wallets that had been dormant for almost two years, with the last activity recorded in January 2023. In addition to the Ether transfer, 470 BTC were also moved.
The Blockchain Bandit gained infamy between 2016 and 2018 through an insidious technique called “Ethercombing.” By exploiting cryptographic weaknesses, the attacker systematically guessed weak private keys, which were often generated by faulty random number algorithms or misconfigured wallets.
This method allowed the malicious entity to steal more than 45,000 ETH in 49,060 transactions, compromising 732 private keys. While brute-forcing private keys is generally considered unlikely to succeed due to their vast numerical range, the Bandit took advantage of predictable flaws such as non-random key generation and poorly implemented recovery phrases.
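A wallet or key-generation pipeline can reject the kind of predictable keys described above before they are ever funded. The following is an added example, not code from the article or from any wallet project; the function name, the two thresholds and the sample keys are assumptions made for illustration.

```python
# Order of the secp256k1 group; a valid Ethereum private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_BITS = 192           # assumed threshold: a uniform key is shorter with probability below 2^-64
MIN_DISTINCT_BYTES = 16  # assumed threshold: a uniform 32-byte key has about 30 distinct bytes


def audit_private_key(key_hex):
    """Return a list of structural weaknesses; an empty list means none were found."""
    text = key_hex.lower()
    if text.startswith("0x"):
        text = text[2:]
    try:
        raw = bytes.fromhex(text)
    except ValueError:
        return ["not valid hex"]
    if len(raw) != 32:
        return [f"expected 32 bytes, got {len(raw)}"]
    k = int.from_bytes(raw, "big")
    if not 1 <= k < SECP256K1_N:
        return ["outside the valid range 1 <= k < n"]
    findings = []
    if k.bit_length() < MIN_BITS:  # e.g. a counter or 32-bit seed used directly as the key
        findings.append(f"only {k.bit_length()} significant bits (zero-padded small value)")
    trailing = len(raw) - len(raw.rstrip(b"\x00"))
    if trailing >= 8:              # entropy written to the front of the buffer, rest left zero
        findings.append(f"{trailing} trailing zero bytes (truncated entropy)")
    if len(set(raw)) < MIN_DISTINCT_BYTES:
        findings.append(f"only {len(set(raw))} distinct byte values")
    for period in (1, 2, 4, 8, 16):
        if raw == raw[:period] * (32 // period):
            findings.append(f"repeats a {period}-byte block")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample keys, for demonstration only.
    samples = {
        "small integer": "00" * 31 + "01",
        "repeated byte": "ab" * 32,
        "truncated entropy": "deadbeef" + "00" * 28,
        "varied bytes": "3c9f1e7a52d8b40661cf8e2a97d3045bf1a86e2c7d90b35e48fa13c6720de9b5",
    }
    for name, key in samples.items():
        print(f"{name}: {audit_private_key(key) or 'no structural weakness found'}")
```

An empty result only means the key is not obviously malformed; it does not show the key came from a secure random source, so keys should still be generated with the operating system's CSPRNG.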
Cybersecurity analysts suggest that state-sponsored actors, possibly North Korean hacking groups, could be behind the attacks, drawing parallels with other large-scale cryptocurrency thefts. These groups are known to target cryptocurrency platforms to fund illicit operations, including weapons programs.
The Bandit's recent activity, along with the use of multi-signature wallets, indicates preparations for possible laundering of funds through mixers or decentralized exchanges to hide their origins.
From fake meetings to seed phrase traps
The resurgence of this attacker comes amid a broader rise in crypto cybercrime as fraudsters develop new strategies to catch unsuspecting targets. Earlier this month, it was reported that hackers had exploited fake Zoom meeting links to target cryptocurrency users and steal sensitive credentials as well as digital assets.
SlowMist traced the malware code to Russian-linked agents, revealing more than $1 million converted to ETH.
Another scam targeted opportunistic thieves by sharing seed phrases of fake crypto wallets. Once accessed, the wallets demand TRX for transaction fees, diverting funds to scammers. Kaspersky warns that this scheme, disguised as a rookie mistake, manipulates thieves into becoming victims of their own greed.