After a quick hiatus, the infamous “Blockchain Bandit” has re-emerged because the 12 months ends, consolidating a staggering 51,000 ETH, valued at roughly $172 million, right into a single multisig pockets.
This switch was made on December 30.
“Blockchain Bandit” Returns
Within the newest replace, distinguished blockchain investigator ZachXBT revealed that the consolidation originated from 10 wallets, which have been dormant for nearly two years, with the final exercise being flagged in January 2023. Alongside the Ether switch, 470 BTC have been additionally moved.
The Blockchain Bandit earned infamy between 2016 and 2018 by way of an insidious approach known as “Ethercombing.” By exploiting cryptographic vulnerabilities, the attacker systematically guessed weak non-public keys, which have been typically generated by defective random quantity algorithms or misconfigured wallets.
This technique allowed the malicious entity to steal greater than 45,000 ETH throughout 49,060 transactions by compromising 732 non-public keys. Whereas brute-forcing non-public keys is mostly deemed inconceivable as a consequence of their huge numerical vary, the Bandit capitalized on predictable flaws corresponding to non-random key technology and poorly applied restoration phrases.
Cybersecurity analysts recommend that state-sponsored actors, probably North Korean hacker teams, may very well be behind the assaults, noting parallels with different large-scale crypto thefts. Such teams are identified to focus on cryptocurrency platforms to fund illicit operations, together with weapons applications.
The Bandit’s current exercise – coupled with using multi-signature wallets – alerts preparations for doubtlessly laundering the funds by way of mixers or decentralized exchanges to obscure their origins.
From Pretend Conferences to Seed Phrase Traps
This attacker’s resurgence comes amid a wider uptick in crypto cybercrime as fraudsters develop new methods to ensnare unsuspecting targets. Earlier this month, hackers have been reported to have exploited faux Zoom assembly hyperlinks to focus on crypto customers and steal delicate credentials in addition to digital belongings.
SlowMist traced the malware’s code to Russian-linked operatives, revealing over $1 million transformed to ETH.
One other rip-off focused opportunistic thieves by sharing seed phrases of pretend crypto wallets. As soon as accessed, the wallets demand TRX for transaction charges, rerouting funds to scammers as a substitute. Kaspersky warns that this scheme, disguised as a newbie’s mistake, manipulates thieves into changing into victims of their very own greed.
SPECIAL OFFER (Sponsored) Binance Free $600 (CryptoPotato Unique): Use this hyperlink to register a brand new account and obtain $600 unique welcome provide on Binance (full particulars).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this hyperlink to register and open a $500 FREE place on any coin!