The Blockchain Bandit, responsible for one of the most sophisticated Ethereum heists, has resurfaced. According to reports, the crypto thief moved 51,000 ETH, worth about $172 million at today’s prices, into a single wallet. Blockchain sleuth ZachXBT, who has broken several stories about the criminal’s exploit, shared the news on Telegram.
In his post, ZachXBT stated that the criminal moved the funds from ten different wallets into a multi-signature address. The transfers took roughly 24 minutes, with the Blockchain Bandit moving the cache in batches of 5,000. He started the first transfer around 8:54 pm UTC and finished the last around 9:18 pm UTC. The movement has not had any noticeable effect on the price of Ethereum.
Blockchain Bandit’s Ethercombing technique
The Blockchain Bandit was known for his activities in the blockchain space from 2016 to 2018. He earned the nickname through a sophisticated attack method known as Ethercombing, which targets and exploits weak private keys.
The entity took advantage of Ethereum’s early key generation flaw, guessing the private keys tied to active wallets. The Blockchain Bandit guessed the systematic pattern of the key generation, and about 49,060 transactions later, he had amassed 51,000 ETH. In the process, he compromised around 732 private keys.
The issue was mainly due to poorly secured cryptography. The number generation, though random, was easy to guess. Sloppy coding added to the problem, leaving wallets vulnerable. The Blockchain Bandit automated the process, scanning through several potential combinations to find the weakest links.
The same mistake from years past continues to haunt users, whose funds are now shifting between locations of the criminal’s choosing. The stash had remained untouched for over a year after it was last shifted in January 2023. On that day, the hacker moved it from a former location, moving about 470 Bitcoin alongside it to avoid suspicion.
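A defender-side check for the kind of weak private key described above, as an added example that is not part of the original article: it draws a key from the operating system CSPRNG and flags keys whose key space is obviously reduced. The function names and heuristic thresholds are assumptions for illustration; the article does not specify the exact flaw.

```python
import secrets

# Order of the secp256k1 group: a valid Ethereum private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying on the (negligible) out-of-range case."""
    while True:
        candidate = secrets.token_bytes(32)
        if 1 <= int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def audit_private_key(key: bytes) -> list:
    """Return a list of findings; an empty list means no obvious weakness was detected.

    The thresholds below are illustrative assumptions. A uniformly random key
    trips any of them with negligible probability.
    """
    if len(key) != 32:
        return ["key is not 32 bytes"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside valid range [1, N-1]")
    if value.bit_length() <= 128:
        findings.append("upper half is zero: at most 128 bits of key space")
    if key[16:] == bytes(16):
        findings.append("lower half is zero: key looks truncated or padded")
    if key[:16] == key[16:]:
        findings.append("second half repeats the first half")
    if len(set(key)) <= 4:
        findings.append("four or fewer distinct byte values")
    return findings


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real wallet.
    samples = {
        "csprng": generate_private_key(),
        "small integer": (1).to_bytes(32, "big"),
        "repeated byte": b"\xab" * 32,
        "all zero": bytes(32),
    }
    for name, key in samples.items():
        print(f"{name:14s} {audit_private_key(key) or 'no findings'}")
```

Passing this audit does not prove a key is strong; it only rules out the most obvious structural weaknesses, so the generator itself must use a cryptographically secure source.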
Cybersecurity experts draw connections to North Korea
The Blockchain Bandit’s operation has elicited many responses, drawing more than just technical scrutiny. According to some cybersecurity experts, the group may have some connections with North Korean hacker groups. These groups carry out hacking operations, with the proceeds funneled into state weapons programs.
The type and size of the Blockchain Bandit’s operation resemble those of Lazarus, a hacker group in North Korea. On another note, it shows that the bulk of the problem lies with users. The hackers take advantage of weak private keys, so they have no need to breach any complex systems.
Aside from user negligence, Ethereum also shares in the blame, as its vulnerabilities gave the hackers freedom to carry out their illegal activities. Developers are now doing better in that respect, but the harm is already done. The automated system that the hacker deployed was also high-grade, draining wallets with remarkable efficiency.