Infamous ‘Blockchain Bandit’ Begins Moving His Stash 6 Years Later

The unidentified hacker emptied multiple Ethereum wallets by guessing their keys years ago.

As we’ve seen over the years, blockchains aren’t quite as secure as some pretend they are.

Rather, although the technology is one of the most secure ways of storing data available to the public, poor coding, social engineering, and the like can still allow bad actors to take advantage of unwary victims.

Guessing Games
In the case of the “Blockchain Bandit,” however, the tech worked as intended. The unknown attacker managed to steal crypto assets from up to 732 wallets by a process known as ethercombing – essentially educated guesswork.

A private key to an Ethereum wallet is a 78-digit string of random numbers. Theoretically, this should be impossible to guess without quantum computing or other resources that, as far as we know, do not exist yet.

However, the sheer number of strings will eventually allow for a private key to be guessed by having a low value. Statistically, this would be due to an error or an inexperienced user choosing the key himself.

“If a private key is chosen at random, then the chances of someone else generating that same key are approximately 1 in 2256, which is, for all practical purposes, a 0% chance. Since a private key of 0x01 has approximately zero percent chance of occurring randomly, we must assume this value was either chosen on purpose or due to an error. “

A detailed rundown of the math involved can be found in this academic article. To sum it up, the chance of guessing a private key has roughly the same probability as identifying one particular atom in our universe.

That didn’t stop the Blockchain Bandit.

Methodical Work
Over the past few years, the unidentified bad actor scoured the blockchain looking for wallets with private keys whose values added up to numbers 1 through 732. By doing this for a couple of years, they had amassed a fortune. Their wallet is currently being emptied of 51k Ether and 470 Bitcoin, now worth around $90 million – a sum smaller than many of the hacks we’ve seen over the course of 2022 but no less impressive.

The news was broken by Chinalysis, who suspect the recent bullish movements of the crypto market gave the attacker the impulse to cash out.

1/ 🚨$90M stolen funds on the move: After 6 years of hodling, the “Blockchain Bandit” has awoken. In this 🧵 we cover how the Blockchain Bandit amassed this treasure trove and where the funds are currently held.
— Chainalysis (@chainalysis) January 25, 2023

Given the tremendous amount of time needed to pull off such an operation, it is possible that the attacker was indeed a state actor – although an organized crime ring or a regular individual could also be the culprits.