Highlights:
- Blockchain Bandit moves 51,000 ETH, valued at $172 million, after a two-year dormancy.
- The “Ethercombing” technique exploited weak private keys, weak passphrase-based wallets, and misconfigured Ethereum nodes.
- Cybersecurity experts link Blockchain Bandit to North Korea’s Lazarus Group, fueling suspicions.
Wallets tied to the infamous hacker group “Blockchain Bandit” have reportedly become active after being dormant for nearly two years. Blockchain investigator ZachXBT said in a Dec. 30 Telegram post that the attacker transferred 51,000 ETH, valued at over $172 million, from 10 separate wallets into a single multi-sig wallet address “0xC45…1D542.” The stolen funds have been inactive in 10 wallet addresses since January 21 last year. On that day, 51,000 Ether was moved. The attacker also transferred 470 BTC at the same time.
According to ZachXBT, the Blockchain Bandit attacker has become active again after years of dormancy, and has collected 51,000 ETH ($172.2 million) into a multi-signature address (0xC45C36017b0B7708f493534Ca4f0930964C1D542). https://t.co/lWmVEd2nJv
— Wu Blockchain (@WuBlockchain) December 31, 2024
The “Blockchain Bandit” uses a method called “Ethercombing.” This technique targets weak private keys that result from flaws in poorly written code and randomness generators. “The Bandit didn’t just target bad private keys. He also exploited weak passphrase-based wallets (like ‘Brainwallets’) and misconfigured Ethereum nodes. His approach made him nearly unstoppable,” wrote Web3 analyst Pix.
Crypto security expert Adrian Bednarek stated that the hacker broke 732 private keys, which were linked to 49,060 transactions. The “Blockchain Bandit” started operating in 2016, with most of the thefts occurring in 2018. Within just eight months, they had stolen 45,000 ETH through automated methods, making them one of the largest threats in the crypto world.
Ethereum’s early vulnerabilities contributed to the problem. While developers are improving coding practices, the damage is done. The Bandit’s automated key-scanning system exploited these weaknesses. It drained wallets with remarkable efficiency.
Blockchain Bandit Suspected of Ties to North Korea’s Lazarus Group
The Blockchain Bandit’s operation has attracted more than just technical attention. Some cybersecurity experts suspect a connection between the Bandit and North Korean hacker groups. These groups are notorious for targeting crypto platforms to fund state-backed operations, including weapons development. The Bandit’s methods and the scale of the theft closely mirror those of Lazarus, a shadowy group tied to North Korea.
The return of the Blockchain Bandit highlights the vulnerabilities within the crypto space. These weaknesses are an inevitable part of the blockchain ecosystem. Crypto security experts warn that flaws in private key generation can lead to major breaches. Hackers exploiting defective random number generators can replicate private keys and gain unauthorized access to wallets. This incident underscores the need for secure key management and strong encryption practices.
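A defender-side check for the key-generation flaws described above, added here as an example; it is not code from the article or from any researcher it cites. It draws keys from the operating system's CSPRNG and audits a candidate key for signs of a defective generator. The function names, the thresholds `min_bits` and `min_distinct`, and the sample keys are assumptions made for illustration.

```python
import secrets

# Order of the secp256k1 group; a valid Ethereum private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying on the rare out-of-range value."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < SECP256K1_N:
            return key


def audit_private_key(key: bytes, min_bits: int = 200, min_distinct: int = 12) -> list[str]:
    """Return reasons a key looks weak; an empty list means no finding.

    min_bits and min_distinct are illustrative thresholds (assumptions). A
    uniformly random key trips either one with negligible probability.
    """
    if len(key) != 32:
        return ["length is not 32 bytes"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside valid range")
    if value.bit_length() < min_bits:
        findings.append("small value (possible truncated or low-entropy RNG output)")
    if len(set(key)) < min_distinct:
        findings.append("few distinct bytes (repeated pattern)")
    return findings


# Constructed sample keys for illustration only.
SAMPLES = {
    "csprng": generate_private_key(),
    "one": (1).to_bytes(32, "big"),
    "repeated": bytes([0x11]) * 32,
    "zero": bytes(32),
}

if __name__ == "__main__":
    for name, key in SAMPLES.items():
        print(name, audit_private_key(key) or "no finding")
```

A clean audit result does not prove a key is strong; it only rules out the obvious failure patterns, so the generator itself still has to be a CSPRNG.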
Crypto Hacks Wipe Out $2.3 Billion This Year
Crypto hackers stole over $2.3 billion in assets across 165 incidents this year. This marks a 40% increase from 2023, when they stole $1.69 billion, according to a report by on-chain security firm Cyvers. Bitcoin surpassed $100,000 on December 6, fueling the surge.
Crypto hacks wipe out $2.3B in 2024, marking 40% YoY surge
According to Cyvers, the 40% yearly increase was mainly driven by growing access control vulnerabilities amid centralized exchanges and cryptocurrency custodians. #Norque #NOQ #Bitcoin #ETH #AI #Blockchain
— NORQUE-NOQ (@NorqueNoq) December 24, 2024
Smart-contract exploits accounted for $456 million stolen across 98 incidents. They were the second-largest attack vector, responsible for 19% of the total value lost this year. Attacks exploiting access control vulnerabilities accounted for $1.9 billion in 2024, over 81% of the total losses from crypto hacks, spanning 67 incidents.