After six years of hodling, the notorious “Blockchain Bandit” has woken up and begun moving some of the $90 million worth of stolen funds sitting in their wallet. Below, we’ll discuss how this prolific thief used a tactic called “Ethercombing” to steal crypto from thousands of users back in 2015 and 2016, and show you where they’ve begun to move funds in the last week.
Who is the Blockchain Bandit?
The Blockchain Bandit is an as yet unknown individual or group who emptied the wallets of over 10,000 cryptocurrency users in 2015 and 2016. They did this using a process called “Ethercombing” to identify and drain Ethereum addresses with weak private keys.
Andy Greenberg described the process in more detail in a 2019 Wired article, but essentially, the thief’s process relies on the fact that it’s possible to determine an address’ public key if you know its private key. The Blockchain Bandit exploited this, and appears to have come up with an automated system to scan a list of weak private keys that may be in use — for instance, single-digit private keys — see if there was an address using that key, and drain the address of its funds. Using this strategy, the Blockchain Bandit amassed a fortune of over 51,000 Ether, stolen from over 10,000 individual wallets.
The Blockchain Bandit moves funds for the first time in six years
For six years, the Blockchain Bandit’s wallet was almost entirely dormant, moving none of its stolen treasure trove. But that changed on January 16, 2023, when the Bandit began transacting again. Between that date and January 21, the Blockchain Bandit moved almost all of their holdings — 51,000 Ether and 470 Bitcoin worth approximately $90 million at current prices — to new addresses.
We suspect this sudden surge in activity is related to the recent jump in crypto asset prices. We’ll continue to monitor the situation and share updates where possible, but in the meantime, this is a great opportunity to consider best practices around private keys. We encourage all users to store funds using well-known, trusted personal wallets that won’t generate weak private keys, and to consider keeping large holdings in hardware wallets, especially if they don’t plan to transact frequently.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.