Wallets linked to the notorious ‘Blockchain Bandit’ attacker have reportedly develop into lively after being dormant for over 5 years.
Based on crypto investigator ZachXBT, the attacker consolidated 51,000 ETH price over $172 million from 10 totally different wallets to a single multi-sig pockets.
Who’s the Blockchain Bandit Hacker?
ZachXBT’s evaluation confirmed that each one 10 pockets addresses utilized in right this moment’s switch have been final lively in 2018. This implies the attacker has determined to entry these funds for the primary time in over 5 years.
So, who is that this Blockchain Bandit? For these new to crypto, it’s more likely to be an unfamiliar title. Nonetheless, for long-term crypto lovers, it was one of the vital gripping and regarding names again in 2018.
The notorious “Blockchain Bandit“ is a pseudonym for an attacker who systematically exploited weak non-public keys on the Ethereum blockchain to steal cryptocurrency. He grew to become common by merely guessing the non-public keys of a number of weak wallets and stealing thousands and thousands in funds.
The attacker scanned the Ethereum community for wallets secured by weak, non-random, or poorly generated non-public keys. These keys have been usually the results of programming errors or defective implementations of cryptographic libraries.
The Blockchain Bandit used automated scripts to go looking the blockchain for weak addresses. When a weak key was recognized, the attacker shortly transferred funds from the pockets to their very own tackle. Normally, it could be days earlier than the proprietor grew to become conscious of the theft.
Total, the hacker was in a position to steal greater than 50,000 ETH utilizing this straightforward method from over 10,000 wallets. The title ‘Blockchain Bandit’ got here from a WIRED function again in 2019 that exposed the sample of this assault.
Throughout that point, a safety analyst named Adrian Bednarek recognized how the bandit used a pre-generated checklist of keys to automate scanning and withdraw funds from weak wallets in seconds.
“You see, on Ethereum, non-public keys are 256-bit numbers. Brute-forcing one is mainly inconceivable. However some wallets have been utilizing horrible random quantity turbines, creating weak non-public keys. Assume: password123 or an empty restoration phrase. One key was actually… ‘1’. The Bandit didn’t simply goal unhealthy non-public keys. He additionally exploited: Weak passphrase-based wallets (like “Brainwallets”) and Misconfigured Ethereum nodes. His method made him practically unstoppable,” wrote Web3 analyst Pix.
Why is the Attacker Lively once more After 5 years?
Though these explicit wallets grew to become lively right this moment for the primary time since 2018, a number of the different wallets have been used to maneuver funds again in January 2023 and buy Bitcoins.
Nonetheless, right this moment’s switch marked the largest consolidation of all of the stolen ETH funds from the attacker. This might point out a number of issues.
Firstly, shifting funds right into a multi-signature pockets might point out the attacker is making ready for a big transaction or collection of transactions. This would possibly embody laundering the funds by mixers, decentralized exchanges, or different instruments to obscure their origins.
Additionally, consolidating funds could possibly be a prelude to liquidating some or all the ETH. Notably, liquidating such massive quantities of ETH within the present market might elevate issues about Ethereum’s short-term value.
Alternatively, the attacker might anticipate favorable market situations, reminiscent of a surge in ETH costs, to maximise the worth of their stolen holdings throughout liquidation.
Nonetheless, most concerningly, The consolidated ETH could possibly be used to finance additional exploits. As an illustration, funding transaction charges for a brand new collection of assaults or enabling operations on different blockchain networks.
Total, the potential of such an notorious hacker changing into lively once more could possibly be a priority for the crypto area. We’ve already seen the trade lose $2.3 billion in 2023, an enormous 40% enhance from 2023. Ethereum was additionally the toughest hit community amongst these assaults.
Disclaimer
In adherence to the Belief Undertaking tips, BeInCrypto is dedicated to unbiased, clear reporting. This information article goals to supply correct, well timed data. Nonetheless, readers are suggested to confirm info independently and seek the advice of with knowledgeable earlier than making any selections primarily based on this content material. Please be aware that our Phrases and Situations, Privateness Coverage, and Disclaimers have been up to date.