The infamous hacker group, under the guise of “Blockchain Bandit,” made a grand comeback with a sensation of merging 51,000 Ether into a single wallet, which totaled $172.2 million, almost two years after being inactive.
Funds transfer occurred between 8:54 pm and 9:18 pm UTC on Dec. 30 from 10 inactive wallet addresses into a multi-signature wallet labeled as “0xC45…1D542.” Each transaction accounted for 5,000 ETH. Among them, the ones that had been on Jan. 21, 2023, all were the ones that the blockchain bandit transferred 470 Bitcoin (BTC) along with Ethereum (ETH).
The “Blockchain Bandit” is the one that has implemented one of the new forms of cybercrime by using the weak private keys method, known as “Ethercombing”, which relies on the brute force approach for finding issues in not-well-written code and randomness generators. As for the crypto security expert Adrian Bednarek, the hacker was able to break 732 private keys, corresponding with 49,060 transactions.
The bandit started in 2016, but most of the theft cases were in 2018. After eight months, he had already generated 45,000 ETH through programmatic theft; this activity made him the biggest threat in the crypto world. This incident became a real thorn in the side of the rise in the number of crypto thefts that have been happening over the last few years.
The comeback of the Blockchain Bandit highlights, at the same time, the crypto vulnerabilities that are an inevitable part of the blockchain ecosystem. In a report from onchain security firm Cyvers, the total amount of money stolen in 165 security incidents in 2024 was around $2.3 billion, which was a 40% rise from the previous year. 81% of the total lost money, or $1.9 billion, was the result of access control breaches on the centralized exchanges and custodial platforms, with major focus on pig butchering scams.
