New Security Evaluators Report: Weak Private Keys Cause “Blockchain Bandit” to Steal 45,000 ETH
The “Blockchain Bandit” Uses Guesses To Steal ETH From Weak Private Keys, According To Analyst
Hackers are getting increasingly clever by the day, finding ways to infiltrate customer wallets with phishing, technical advancements, and more. However, breaking into a wallet is not always that difficult, as one thief has found. The thief, who has been dubbed the “blockchain bandit,” has managed to guess his way into wallets protected by weak private keys, acquiring nearly 45,000 ETH along the way.
The hacker was discovered by Adrian Bednarek, a senior security analyst with Independent Security Evaluators, according to an April 23rd report. Even though it is highly unlikely that someone could succeed in guessing a private key, the Blockchain Bandit still managed to reveal 732 private keys by doing a little research, which meant he could complete transactions as though he owned the wallets himself.
In the report, Bednarek explains that the method used to discover these random private keys was to seek out faulty code and faulty random number generators. Typically, scammers who gain private keys have to use either brute force or phishing schemes.
Upon further research, Bednarek found that some of the wallets involved with the private keys showed a high volume of transfers to one address, and no funds were coming out at all. That is how the analyst found the Blockchain Bandit, who was “siphoning money from some of the keys we had access to.” Of the over 700 private keys, there were 12 keys associated with accounts that Bednarek’s organization had access to. Basically, he concluded that the thief was taking funds as soon as they entered the affected wallets.
At its top value, the total amount of Ethereum stolen by the Bandit would be worth over $50 million, but current prices make the funds worth about $7.8 million instead. Bednarek believes that there had to be some point when coding errors in the software left the private keys at risk. Still, there is a chance that owners of these wallets are creating identical keys by choosing weak passphrases, like “abc123,” “password,” or none at all.
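As an added illustration (not code from Bednarek's report or from this article), here is a defensive sanity check a wallet developer could run on a newly generated key to catch the two failure modes described above. The SHA-256 passphrase derivation, the 200-bit threshold, the sample phrase list and the function names are assumptions made for the example.

```python
import hashlib

# Order of the secp256k1 group used for Ethereum keys; valid keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample list. The first three entries are the weak choices the
# article names ("" stands for "none at all"); the rest are illustrative.
WEAK_PHRASES = ["abc123", "password", "", "123456", "letmein"]


def passphrase_key(phrase: str) -> bytes:
    """Assumed derivation, for illustration only: key = SHA-256(passphrase)."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()


def audit_private_key(key: bytes, min_bits: int = 200) -> list:
    """Return the reasons a 32-byte private key looks guessable.

    An empty list means none of these checks fired; it does not prove the
    key came from a sound random number generator.
    """
    if len(key) != 32:
        return ["not 32 bytes long"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside the valid range 1..N-1")
    # A uniformly random 256-bit value has fewer than min_bits significant
    # bits with probability about 2**(min_bits - 256), so a short value
    # points at truncated or zero-padded generator output (assumed threshold).
    if value.bit_length() < min_bits:
        findings.append(f"only {value.bit_length()} significant bits")
    if len(set(key)) <= 2:
        findings.append("built from at most two distinct byte values")
    if key in {passphrase_key(p) for p in WEAK_PHRASES}:
        findings.append("equals the hash of a common passphrase")
    return findings


if __name__ == "__main__":
    # Constructed inputs: a tiny key, a passphrase-derived key, a varied key.
    for sample in ((1).to_bytes(32, "big"), passphrase_key("password"),
                   bytes(range(1, 33))):
        print(sample.hex(), audit_private_key(sample) or "no findings")
```
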
Even with this information, the actual identity of the fraudster is unknown, though Bednarek theorizes that a state actor could be the culprit, like North Korea. Last month, reports from the U.N. Security Council found that the independent state had managed to use hacking attacks to collectively acquire $670 million in fiat and crypto, trying to hide from punishing economic sanctions.