A hacker dubbed the \u201cBlockchain Bandit\u201d has finally woken from a six-year slumber and has started to move their ill-gotten gains.<\/p>\n
According to Chainalysis, around $90 million in crypto pilfered from the attacker\u2019s long-running string of \u201cprogrammatic theft\u201d since 2016 has started moving over the past week. <\/p>\n
This included 51,000 Ether (ETH<\/a>) and 470 Bitcoin (BTC<\/a>)\u00a0\u2014 worth a total of around $90 million\u00a0\u2014 leaving the bandit\u2019s address for a new one. Chainalysis noted:<\/p>\n \u201cWe suspect that the bandit is moving their funds given the recent jump in prices.\u201d<\/p><\/blockquote>\n The hacker was dubbed the \u201cBlockchain Bandit\u201d due to being able to empty Ethereum wallets protected with weak private keys in a process termed \u201cEthercombing.\u201d<\/p>\n The attacker\u2019s \u201cprogrammatic theft\u201d process has drained more than 10,000 wallets from individuals across the globe since the first attacks were perpetrated six years ago. <\/p>\n 1\/ $90M stolen funds on the move: After 6 years of hodling, the \u201cBlockchain Bandit\u201d has awoken. In this we cover how the Blockchain Bandit amassed this treasure trove and where the funds are currently held.<\/p>\n \u2014 Chainalysis (@chainalysis) January 25, 2023<\/a><\/p><\/blockquote>\n In 2019, Cointelegraph reported that the Blockchain Bandit managed to amass almost\u00a045,000 ETH by successfully guessing<\/a> those frail private keys.<\/p>\n A security analyst said he discovered the hacker by accident while researching private key generation. He noted at the time that the hacker had set up a node to automatically filch funds from addresses with weak keys.<\/p>\n The researchers identified 732 weak private keys associated with a total of 49,060 transactions. It is unclear how many of those were exploited by the bandit, however.<\/p>\n \u201cThere was a guy who had an address who was going around and siphoning money from some of the keys we had access to,\u201d he said at the time.<\/p>\n Chainalysis produced a diagram depicting the flow of the funds, however, it did not specify the target address, only labeling them as \u201cintermediary addresses.\u201d<\/p>\n To avoid having weak private keys, Chainalysis advised users to use well-known and trusted wallets and consider moving funds to hardware wallets if large amounts of cryptocurrency are involved.<\/p>\n Related: <\/em><\/strong>Hackers keeping stolen crypto: What is the long-term solution?<\/em><\/strong><\/a><\/p>\n Also in 2019, a computer researcher discovered a wallet vulnerability<\/a> that issued the same key pairs to multiple users.<\/p>\n<\/div>\n\n
![\"\"](\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/6543edc7-5c47-4a0a-bc7c-3a052a9ed1c7.jpg\" "\\"\\"")