During a six-year stealing spree, the hacker amassed as much as $90 million in cryptocurrency.
A hacker known as the “Blockchain Bandit” has awoken after a six-year hibernation and has begun to relocate their ill-gotten assets.
According to Chainalysis, about $90 million in cryptocurrency stolen from the attacker’s long-running thread of “programmatic theft” since 2016 has begun to move in the last week.
This includes 51,000 Ether and 470 Bitcoin worth around $90 million leaving the Bandit’s address for a new one, according to Chainalysis.
“We suspect that the bandit is moving their funds given the recent jump in prices.”
The hacker was called the “Blockchain Bandit” for his ability to empty Ethereum wallets protected by weak private keys in a practise known as “Ethercombing.”
Since the first strikes six years ago, the attacker’s “programmatic theft” method has drained more than 10,000 wallets from people all across the world.
Cointelegraph stated in 2019 that the “Blockchain Bandit” amassed about 45,000 ETH by successfully guessing such vulnerable private keys.
The hacker was discovered by mistake, according to a security analyst, while researching private key generation. At the moment, he noticed that the hacker had set up a node to automatically steal money from addresses with weak keys.
The researchers discovered 732 weak private keys linked to 49,060 transactions. However, it is unclear how many of those were taken advantage of by the bandit.
“A man with an address was going around and syphoning money from some of the keys we had access to,” he explained at the time.
Chainalysis generated a flowchart demonstrating the movement of cash, however it did not indicate the destination address, instead classifying them as “intermediary addresses.”
Chainalysis urged users to utilise well-known and reputable wallets and to consider shifting funds to hardware wallets if substantial quantities of bitcoin are involved in order to prevent having weak private keys.
A computer researcher also uncovered a wallet vulnerability in 2019 that issued the same key pairs to several users.