Famous ‘Blockchain Bandit’ Appears Again, Moves 51,000 ETH in Largest Fund Transfer

After a brief hiatus, the infamous “Blockchain Bandit” has re-emerged as the year comes to a close, consolidating a staggering 51,000 ETH, valued at approximately $172 million, into a single multi-sig wallet.

This transfer took place on December 30.

“Blockchain Bandit” is back.

In the latest update, prominent blockchain researcher ZachXBT revealed that the consolidation originated from 10 wallets that had been inactive for almost two years, with their last activity recorded in January 2023. Alongside the Ether transfer, 470 BTC were also moved.

The Blockchain Bandit gained infamy between 2016 and 2018 using an insidious technique called “Ethercombing”. By exploiting cryptographic vulnerabilities, the attacker systematically guessed weak private keys, which were often generated by faulty random number algorithms or misconfigured wallets.

This method allowed the malicious entity to steal over 45,000 ETH in 49,060 transactions by compromising 732 private keys. While brute-forcing private keys is generally considered unlikely to succeed because of their wide numeric range, the Bandit took advantage of predictable flaws such as non-random key generation and poorly implemented recovery phrases.
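The flaws named above, non-random generation and misconfigured wallets, tend to leave visible structure in the key bytes. The following Python is an added example, not code from the article or from any wallet project: it draws a key from the operating system's CSPRNG and audits a 32-byte key for such structure. The function names and the two thresholds are assumptions.

```python
import secrets

# Order of the secp256k1 group: a valid Ethereum private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying on the rare out-of-range value."""
    while True:
        candidate = secrets.token_bytes(32)
        if 1 <= int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def weak_key_findings(key: bytes, min_bits: int = 200, min_distinct: int = 9) -> list:
    """List the reasons a key looks non-random; an empty list means no finding.

    min_bits and min_distinct are illustrative thresholds (assumptions). A key
    from a sound generator trips them with negligible probability.
    """
    if len(key) != 32:
        return ["key is not 32 bytes long"]
    findings = []
    scalar = int.from_bytes(key, "big")
    if not 1 <= scalar < SECP256K1_N:
        findings.append("scalar outside the valid range [1, N-1]")
    if scalar.bit_length() < min_bits:
        # Leading zero bytes: a counter, a truncated value or a narrow RNG output.
        findings.append(f"only {scalar.bit_length()} significant bits")
    if len(set(key)) < min_distinct:
        findings.append(f"only {len(set(key))} distinct byte values")
    for period in (1, 2, 4, 8, 16):
        if key == key[:period] * (32 // period):
            findings.append(f"repeats a {period}-byte block")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real wallet.
    samples = {
        "tiny scalar": (1).to_bytes(32, "big"),
        "32-bit value, zero padded": bytes(28) + bytes.fromhex("9f3c51d2"),
        "repeated byte": b"\xab" * 32,
        "CSPRNG key": generate_private_key(),
    }
    for label, key in samples.items():
        print(f"{label:26} {weak_key_findings(key) or 'no finding'}")
```

A key hashed from a guessable passphrase has no such structure and passes these checks, so the audit catches generator faults only.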

Cybersecurity analysts suggest state-sponsored actors, possibly North Korean hacking groups, could be behind the attacks, noting parallels with other large-scale crypto thefts. These groups are known to target cryptocurrency platforms to fund illicit operations, including weapons programs.

The Bandit’s recent activity, along with the use of multi-signature wallets, indicates preparations for the possible laundering of funds through mixers or decentralized exchanges to obscure their origins.

From fake meetings to seed phrase cheats

The resurgence of this attacker comes amid a broader rise in crypto cybercrime, as fraudsters develop new strategies to catch unsuspecting targets. Earlier this month, hackers were reported to have exploited fake Zoom meeting links to target crypto users and steal sensitive credentials as well as digital assets.

SlowMist traced the malware code to operatives linked to Russia, revealing over $1 million converted to ETH.

Another scam targeted opportunistic thieves by sharing fake crypto wallet seed phrases. Once accessed, the wallets ask for TRX to cover transaction fees and then redirect the funds to the scammers. Kaspersky warns that this scheme, disguised as a rookie mistake, manipulates thieves into falling victim to their own greed.
