New Security Evaluators Report: Weak Private Keys Cause “Blockchain Bandit” to Steal 45,000 ETH


The “Blockchain Bandit” Uses Guesses To Steal ETH From Weak Private Keys, According To Analyst

Hackers are getting increasingly clever by the day, finding ways to infiltrate customer wallets with phishing, technical advancements, and more. However, breaking into some accounts is far less difficult, as one thief has found. The thief, who has been dubbed the “blockchain bandit,” has managed to guess his way through weak private keys, acquiring nearly 45,000 ETH along the way.

The hacker was discovered by Adrian Bednarek, a senior security analyst with Independent Security Evaluators, according to an April 23rd report. Even though it is highly unlikely that someone could succeed in guessing a private key, the Blockchain Bandit still managed to reveal 732 private keys with a little research, which meant he could complete transactions as if he owned the wallets himself.

In the report, Bednarek explains that the method used to discover these random private keys was to seek out faulty code and faulty random number generators. Typically, scammers who obtain private keys have to use either brute force or phishing schemes.

Upon further research, Bednarek found that some wallets associated with the private keys were seeing high volumes of transfers to one address, and no funds were coming out at all. That is how the analyst found the Blockchain Bandit, who was “siphoning money from some of the keys we had access to.” Of the over 700 private keys, there were 12 keys associated with accounts that Bednarek’s organization had access to. Basically, he concluded that the thief was taking funds as soon as they entered the affected wallets.

At its top value, the total number of Ethereum coins stolen by the Bandit would be worth over $50 million, but the current prices make the funds worth about $7.8 million instead. Bednarek believes that there had to be some point when coding errors in the software left the private keys at risk. Still, there is a chance that owners of these wallets are creating identical passphrases by choosing weak phrases, like “abc123,” “password,” or none at all.
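The two causes named above (a faulty generator and a weak or empty passphrase) can be turned into a self-check that a wallet owner or developer runs on a key before funding its address. This is an added example, not code from the ISE report; the SHA-256 passphrase derivation, the 200-bit threshold and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Order of the secp256k1 group: a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Weak choices named in the article; "" stands for "none at all".
WEAK_PASSPHRASES = ("abc123", "password", "")

# Assumed threshold: a uniformly random key has fewer significant bits than
# this with probability of roughly 2**-57, so a hit points at a broken generator.
MIN_SIGNIFICANT_BITS = 200


def passphrase_to_key(passphrase: str) -> int:
    """Hypothetical derivation (assumption): SHA-256 of the passphrase as an integer."""
    return int.from_bytes(hashlib.sha256(passphrase.encode("utf-8")).digest(), "big")


def generate_key() -> int:
    """Draw a key uniformly from [1, N-1] using the operating system CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def audit_key(key: int) -> list:
    """Return the reasons a key should not be funded; an empty list means none found."""
    if not 1 <= key < SECP256K1_N:
        return ["out of range for secp256k1"]
    findings = []
    if key.bit_length() < MIN_SIGNIFICANT_BITS:
        findings.append(f"only {key.bit_length()} significant bits")
    for phrase in WEAK_PASSPHRASES:
        if key == passphrase_to_key(phrase):
            findings.append(f"derived from weak passphrase {phrase!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample keys: 1, a key truncated to 32 bits, a passphrase key, a fresh key.
    samples = [1, secrets.randbits(32) + 1, passphrase_to_key("password"), generate_key()]
    for sample in samples:
        print(f"{sample:064x}", audit_key(sample) or "no findings")
```

An empty result only means none of these specific weaknesses was found; it does not prove the generator behind the key is sound.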

Even with this information, the actual identity of the fraudster is unknown, though Bednarek theorizes that a state actor, like North Korea, could be the culprit. Last month, reports from the U.N. Security Council found that the country had managed to use hacking attacks to collectively acquire $670 million in fiat and crypto, trying to evade punishing economic sanctions.
