The hacker accumulated as much as $90 million worth of crypto from wallets with weak private keys during a six-year thieving spree.

3690 Total views

38 Total shares

'Blockchain Bandit' reawakens: $90M in stolen crypto seen shifting

Own this piece of history

Collect this article as an NFT

A hacker dubbed the “Blockchain Bandit” has finally woken from a six-year slumber and has started to move their ill-gotten gains.

According to Chainalysis, around $90 million in crypto pilfered from the attacker’s long-running string of “programmatic theft” since 2016 has started moving over the past week.

This included 51,000 Ether (ETH) and 470 Bitcoin (BTC) — worth a total of around $90 million — leaving the bandit’s address for a new one. Chainalysis noted:

“We suspect that the bandit is moving their funds given the recent jump in prices.”

The hacker was dubbed the “Blockchain Bandit” due to being able to empty Ethereum wallets protected with weak private keys in a process termed “Ethercombing.”

The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals across the globe since the first attacks were perpetrated six years ago.

1/ $90M stolen funds on the move: After 6 years of hodling, the “Blockchain Bandit” has awoken. In this we cover how the Blockchain Bandit amassed this treasure trove and where the funds are currently held.

— Chainalysis (@chainalysis) January 25, 2023

In 2019, Cointelegraph reported that the Blockchain Bandit managed to amass almost 45,000 ETH by successfully guessing those frail private keys.

A security analyst said he discovered the hacker by accident while researching private key generation. He noted at the time that the hacker had set up a node to automatically filch funds from addresses with weak keys.

The researchers identified 732 weak private keys associated with a total of 49,060 transactions. It is unclear how many of those were exploited by the bandit, however.

“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to,” he said at the time.

Blockchain Bandit crypto movements. Source: Chainalysis

Chainalysis produced a diagram depicting the flow of the funds, however, it did not specify the target address, only labeling them as “intermediary addresses.”

To avoid having weak private keys, Chainalysis advised users to use well-known and trusted wallets and consider moving funds to hardware wallets if large amounts of cryptocurrency are involved.

Related: Hackers keeping stolen crypto: What is the long-term solution?

Also in 2019, a computer researcher discovered a wallet vulnerability that issued the same key pairs to multiple users.