A hacker dubbed the “Blockchain Bandit” has finally woken up from a six-year slumber and started moving his ill-gotten gains.
According to Chainalysis, around $90 million in stolen crypto from the attacker’s long string of “programmatic theft” since 2016 began moving over the past week.
“We suspect that the bandit is moving his funds given the recent rise in prices.”
The hacker was dubbed the “blockchain bandit” because he was able to empty Ethereum wallets protected with weak private keys in a process dubbed “Ethercombing.”
The attacker’s “programmatic theft” process has drained more than 10,000 wallets from people around the world since the first attacks were carried out six years ago.
1/ $90M of stolen funds on the move: After 6 years of hodling, the “Blockchain Bandit” has woken up. In this, we cover how Blockchain Bandit amassed this treasure trove and where the funds are currently located.
—Chainalysis (@chainalysis) January 25, 2023
A security analyst said he discovered the hacker by accident while investigating private key generation. He pointed out at the time that the hacker had set up a node to automatically steal funds from addresses with weak keys.
The researchers identified 732 weak private keys associated with a total of 49,060 transactions. However, it is not clear how many of them were exploited by the bandit.
“There was a guy that had an address that was going around and diverting money from some of the keys that we had access to,” he said at the time.
Chainalysis produced a diagram depicting the flow of the funds, however it did not specify the destination address, only labeling them as “intermediate addresses”.
To avoid having weak private keys, Chainalysis advised users to use known and trusted wallets, and to consider transferring funds to hardware wallets if large amounts of cryptocurrency are involved to avoid having weak private keys.
Also in 2019, a computer researcher discovered a wallet vulnerability that issued the same key pairs to multiple users.