Blockchain Bandit resurfaces after 2 years, moves all $172M in stolen Ether

The Blockchain Bandit is back. After two years of silence, the infamous crypto thief responsible for one of the most sophisticated Ethereum heists has moved 51,000 Ether—worth $172 million at today’s prices—into a single wallet.

Blockchain investigator ZachXBT, who has tracked the Bandit’s exploits for years, broke the news in a Telegram post. According to him, the stolen funds were moved from ten separate wallets into a multi-signature address—“0xC45…1D542.”

This consolidation happened in batches of 5,000 Ether each, all within a span of 24 minutes. The transfers started at 8:54 pm UTC and wrapped up by 9:18 pm UTC. As of press time, there hasn’t been any noticeable effects to Ether’s prices.

The Ethercombing mastermind

The Blockchain Bandit earned their name between 2016 and 2018 after they pulled off a stunning series of hacks using a technique called “Ethercombing.” The method? Exploiting weak private keys.

By taking advantage of flaws in Ethereum’s early key generation processes, the Bandit managed to guess private keys tied to active wallets. This was systematic. Over roughly 49,060 transactions, the hacker raked in close to 45,000 Ether, uncovering a total of 732 private keys.

It was all about poorly secured cryptography. Issues like predictable random number generation and sloppy coding practices left many wallets vulnerable. The Bandit automated the process, scanning thousands of potential keys to find the weakest links.

Fast forward to today, and those early vulnerabilities are still haunting Ethereum users. The 51,000 Ether that was moved recently is the same stash that had been sitting untouched since January 21, 2023.

On that day, the hacker had previously shifted the funds from a prior location, along with 470 Bitcoin, to keep their loot under the radar.

North Korean links?

The Blockchain Bandit’s operation has drawn more than just technical scrutiny. Some cybersecurity analysts suspect a connection to North Korean hacker groups. These groups are infamous for targeting crypto platforms to fund state-sponsored activities, including weapons programs.

The Bandit’s methods and the sheer size of the theft look a lot like the tactics used by Lazarus, the secretive hacker group linked to North Korea.

A closer look at the Bandit’s methods shows just how much of the problem lies with users themselves. Weak private keys were a goldmine for this hacker, and they didn’t need to break into exchanges or bypass high-end security systems. They simply took advantage of lazy coding and user negligence.

Even today, many users fail to follow basic security protocols. Poorly chosen passwords, reliance on default settings, and a lack of understanding about private key management all contribute to the ongoing risks.

Ethereum’s early vulnerabilities didn’t help, either. Developers are now working hard to become better at coding practices, but in this case, the damage is already done. The Bandit’s automated key-scanning system exploited those flaws at scale, draining wallets with shocking efficiency.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap