Blockchain Bandit Moves $172M in Stolen Ether After Two Years of Dormancy

The notorious hacker known as Blockchain Bandit has resurfaced after nearly two years of inactivity, moving a substantial sum of stolen Ether (ETH) worth approximately $172 million. The funds, totaling 51,000 ETH, were transferred from 10 separate wallet addresses into a multi-signature wallet, according to blockchain investigator ZachXBT.

The transfer took place in multiple batches of 5,000 ETH each, occurring between 8:54 pm and 9:18 pm UTC on December 30, 2024. The stolen Ether had been dormant since January 21, 2023, when the funds were last moved, along with 470 Bitcoin (BTC). The sudden consolidation of the funds into a single wallet has raised concerns about the hacker’s next move.

How Blockchain Bandit Stole the Ether

Blockchain Bandit’s exploits date back to between 2016 and 2018, during which time the hacker amassed 51,000 ETH. The funds were primarily accumulated through a method known as "Ethercombing," where the hacker guessed weak private keys associated with Ethereum addresses. Though guessing private keys is considered a near-impossible task, the Bandit succeeded in uncovering 732 private keys linked to 49,060 transactions by exploiting faulty code and flawed random number generators.

The hacker's approach, which combined brute-force search methods with a deep understanding of coding vulnerabilities, allowed them to steal Ether over several years. In total, nearly 45,000 ETH was obtained using this method, while the rest of the funds came from other sources. Despite the large scale of the thefts, the identity of Blockchain Bandit remains unknown, though some security experts, such as Adrian Bednarek, have speculated that a state actor, potentially North Korea, could be behind the operation.

A Rise in Cybercrime: 2024 Crypto Hacks

The re-emergence of Blockchain Bandit coincides with an alarming trend in the broader crypto industry. In 2024, hackers stole over $2.3 billion in assets across 165 major incidents, marking a 40% increase from the previous year, according to a report from on-chain security firm Cyvers. This surge in crypto crime is largely attributed to rising access control breaches, particularly within centralized exchanges and custodial platforms.

Access control vulnerabilities were responsible for 81% of the stolen value in 2024, totaling $1.9 billion, and were linked to 67 major cybersecurity incidents. The rise in such breaches highlights the ongoing risks and challenges facing the cryptocurrency ecosystem as it continues to grow and attract malicious actors.

The Ongoing Risk of "Programmatic Theft"

Blockchain Bandit’s case serves as a stark reminder of the vulnerability of the crypto space to "programmatic theft"—a type of cybercrime that exploits coding errors and weak protocols. While advances in blockchain security have been made, the persistence of hackers like Blockchain Bandit suggests that vulnerabilities in the system remain. The reappearance of such funds also raises concerns that the hacker may be preparing to liquidate the stolen assets, which could have a significant impact on the market.

As the crypto industry works to address security flaws and strengthen its defenses, the case of Blockchain Bandit underscores the need for ongoing vigilance and enhanced protections against the growing threat of crypto-related cybercrime.