Hackers harvested up to $90 million worth of cryptocurrency from wallets using weak private keys during a six-year heist.
Hackers dubbed the “Blockchain Bandit” have finally awakened from their six-year hiatus and started to move their illicit profits.
According to Chainalysis, about $90 million in cryptocurrency stolen through the attacker’s long-running campaign of “programmatic theft” since 2016 has been moved within the space of one week.
The funds comprised 51,000 Ether and 470 Bitcoin, worth a total of about US$90 million, and were moved from the thieves’ address to a new address. Chainalysis said:
“We suspect that the bandit is moving their funds given the recent jump in prices.”
The hackers were dubbed the “Blockchain Bandit” for their ability to empty Ethereum wallets protected by weak private keys in a process called “Ethercombing.”
The attacker’s “programmatic theft” process has drained more than 10,000 wallets belonging to individuals around the world since the initial attack six years ago.
Security analysts say they stumbled across the hacker while investigating private key generation. They then discovered that the hacker had set up a node that automatically steals funds from addresses with weak keys.
Researchers identified 732 vulnerable private keys associated with a total of 49,060 transactions. However, it is unknown how many of these the bandit exploited.
“There was a man with an address who was going around stealing money from some keys we had access to,” he said at the time.
Chainalysis created a chart showing the flow of funds, but without specifying the destination address, just labeling it as an “intermediate address.”
To avoid weak private keys, Chainalysis advised users to use well-known and trusted wallets and consider moving funds to hardware wallets when dealing with large amounts of cryptocurrency.
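The weak-key problem described above, seen from the wallet developer's side: an added example (not code from Chainalysis or the researchers) that draws a key from the operating system's CSPRNG and flags structurally weak keys before they are ever used. The function names and heuristic thresholds are assumptions made for this illustration.

```python
import secrets

# Order of the secp256k1 group used by Ethereum and Bitcoin.
# A valid private key k must satisfy 1 <= k < SECP256K1_N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, rejecting out-of-range values."""
    while True:
        candidate = secrets.token_bytes(32)
        if 1 <= int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def weakness_reasons(key: bytes) -> list[str]:
    """Return the red flags found in a key; an empty list means none found.

    The thresholds are assumptions for this example. Passing these checks
    does not prove the key came from a good random source.
    """
    if len(key) != 32:
        return ["not 32 bytes"]
    reasons = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        reasons.append("outside valid range 1..N-1")
    if value.bit_length() < 128:
        reasons.append(f"only {value.bit_length()} significant bits")
    if len(set(key)) < 8:
        reasons.append(f"only {len(set(key))} distinct byte values")
    # A constant step between consecutive bytes (00 00 00..., 01 02 03...)
    strides = {(b - a) % 256 for a, b in zip(key, key[1:])}
    if len(strides) == 1:
        reasons.append("bytes form an arithmetic sequence")
    return reasons


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real wallet.
    samples = {
        "integer 1": (1).to_bytes(32, "big"),
        "all zero": bytes(32),
        "counting bytes": bytes(range(1, 33)),
        "fresh CSPRNG key": generate_private_key(),
    }
    for label, key in samples.items():
        print(f"{label}: {weakness_reasons(key) or 'no red flags'}")
```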