Hacker transfers $172 million in ETH after 2 years of dormancy

Blockchain Bandit, the notorious hacker who stole 51,000 ETH (about $172 million) mostly by guessing users' private keys, has just collected the entire amount into a single wallet after nearly two years of inactivity.

According to blockchain investigator ZachXBT, all of this ETH has been transferred from 10 different wallet addresses to a single multi-signature address. The operation took place between 3:54am and 4:18am on December 31 (Vietnam time), with transactions mainly carried out in lots of 5,000 ETH.

It is worth mentioning that this huge number of ETH has been “dormant” in 10 wallet addresses since January 21, 2023, when they were last moved. Around that time, the hacker also made transactions with 470 Bitcoins, indicating the significant scale of their activity.

Looking back on the past, Blockchain Bandit caused a stir in 2019 when he seized nearly 45,000 ETH by guessing low-security private keys. This is a seemingly impossible attack technique, because the probability of a private guess is extremely low.

However, by combining search for error codes and faulty random number generators (a method known as “Ethercombing”), Blockchain Bandit managed to detect 732 private links with 49,060 transactions.

Cryptocurrency security analyst Adrian Bednarek adds that the hacker has been carrying out this type of “programmatic theft” since 2016, with the largest thefts occurring in 2018.

Although the identity of the Blockchain Bandit remains an unknown, Bednarek once theorized that a state organization, such as North Korea, could be behind these activities.

This hypothesis becomes even more worrisome when set against the backdrop of rising crypto-related cyberattacks. According to a report by onchain security firm Cyvers, hackers stole more than $2.3 billion in assets with 165 incidents occurring in 2024, up 40 percent from 2023.

Notably, 81% of the value stolen (equivalent to $1.9 billion) was due to access control vulnerabilities, particularly on centralized exchanges and custodial platforms.

Blockchain Bandit's return after five years in hiding has raised many questions. Although some of these hacker-related wallets were used to transfer funds in January 2023, collecting the entire 51,000 ETH into a multi-signature wallet this time suggests they may be preparing for a big plan. Experts put forward several hypotheses, including:

• Preparing for the big deal: The transfer of money to a multi-signature wallet may indicate that the attacker is preparing for a large transaction or a series of transactions. This may include laundering money through cryptocurrency mixers, decentralized exchanges, or other tools to conceal the origin.
• ETH Liquidation: Collecting money can also be a preparatory step to liquidate part or all of the ETH. Notably, the liquidation of such a large amount of ETH in the current market could raise concerns about the Ethereum price in the short term.
• Waiting for favorable market conditions: On the other hand, an attacker can anticipate favorable market conditions, such as ETH price spikes, in order to maximize the value of the amount held upon liquidation.
• Funding for new attacks: The most worrying thing is that this ETH number could be used to fund further attacks.

Notably, the ETH price does not seem to be much affected by this information. At the time of writing, ETH is trading around $3,335, which follows the general trend of Bitcoin with a slight gain of 0.15% over the past 24 hours.

This suggests that the market may be waiting for Blockchain Bandit's next moves to have a clearer reaction.

The incident is a reminder of the cybersecurity risks in the cryptocurrency world. With the constant development of technology, hackers are also becoming more sophisticated, requiring the community to raise its vigilance and adopt the necessary security measures to protect its assets.