A hacker dubbed the “Blockchain Bandit” has lastly woken from a six-year slumber and has began to maneuver their ill-gotten features.
According to Chainalysis, round $90 million in crypto pilfered from the attacker’s long-running string of “programmatic theft” since 2016 has began transferring over the previous week.
This included 51,000 Ether (ETH) and 470 Bitcoin (BTC), price round $90 million leaving the Bandit’s deal with for a brand new one, with Chainalysis noting:
“We suspect that the bandit is transferring their funds given the current bounce in costs.”
The hacker was dubbed the “Blockchain Bandit” due to being able to empty Ethereum wallets protected with weak private keys in a process termed “Ethercombing.”
The attacker’s “programmatic theft” process has drained more than 10,000 wallets from individuals across the globe since the first attacks were perpetrated six years ago.
1/ $90M stolen funds on the transfer: After 6 years of hodling, the “Blockchain Bandit” has awoken. In this we cowl how the Blockchain Bandit amassed this treasure trove and the place the funds are at present held.
— Chainalysis (@chainalysis) January 25, 2023
In 2019, Cointelegraph reported that the “Blockchain Bandit” managed to amass virtually 45,000 ETH by efficiently guessing these frail non-public keys.
A safety analyst mentioned he found the hacker by chance whereas researching non-public key era. He famous on the time that the hacker had arrange a node to robotically filch funds from addresses with weak keys.
The researchers recognized 732 weak non-public keys related to a complete of 49,060 transactions. It is unclear what number of of these have been exploited by the bandit, nonetheless.
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to,” he mentioned on the time.
Chainalysis produced a diagram depicting the circulate of the funds, nonetheless, it didn’t specify the goal deal with, solely labeling them as “intermediary addresses.”
To keep away from having weak non-public keys, Chainalysis suggested customers to make use of well-known and trusted wallets, and take into account transferring funds to {hardware} wallets if massive quantities of cryptocurrency are concerned to keep away from having weak non-public keys.
Related: Hackers maintaining stolen crypto: What is the long-term resolution?
Also in 2019, a pc researcher found a pockets vulnerability that issued the identical key pairs to a number of customers.