The Blockchain Bandit, a hacker infamous for exploiting vulnerabilities in Ethereum wallets, has reappeared, consolidating stolen assets after years of inactivity.
On Dec. 30, blockchain investigator ZachXBT reported that the hacker moved 51,000 ETH, worth approximately $172 million, into a single wallet.
These funds were transferred from ten previously inactive wallets, marking the hacker’s first significant activity in years.
The Blockchain Bandit
The Blockchain Bandit earned notoriety by exploiting weak private keys on the Ethereum blockchain. This technique involved targeting wallets with insecure keys, often set to simple sequences like “1,” “2,” or “3.” These vulnerabilities allowed the hacker to siphon crypto from unsuspecting users.
The scale of these exploits first came to light in 2019 when security researcher Adrian Bednarek discovered the issue during a routine investigation.
He identified hundreds of wallets using dangerously weak keys, revealing the hacker’s systematic method of scanning for such vulnerabilities. This approach, known as “Ethercombing,” enabled automated theft from compromised wallets.
Over two years, the hacker breached 732 private keys and conducted nearly 49,000 transactions. Their activity peaked between 2016 and 2018, with over 45,000 ETH stolen in just eight months.
Following this spree, the hacker’s wallets remained untouched—until now.
The reappearance of the Blockchain Bandit highlights the persistent security challenges within the crypto ecosystem.
Despite advancements in wallet technology, Web3 researcher Pix noted that several crypto users are still vulnerable to similar attacks because of weak key generators, poor wallet practices, and the possibility of human error. The researcher added:
“The Bandit’s playbook isn’t outdated — it’s a warning.”
Moreover, the Blockchain Bandit return also illuminates a broader trend of rising crypto thefts. This year, crypto losses reached $2.3 billion, a 21% increase from the previous year. Notably, North Korea-linked cybercriminals accounted for $1.34 billion of these losses.
Read the full article here