Notorious Crypto Hacker Returns After 5 Years, Transferring Money to New Wallet
- Authors: Administrator (@airdropdecks)
After nearly 10 years, the community and the authorities have yet to identify the hacker, despite the misappropriation of hundreds of millions of dollars.
After years of silence, the notorious hacker Blockchain Bandit has reappeared, causing concern for the crypto community. According to ZachXBT, a well-known on-chain tracing expert, the hacker transferred 51,000 ETH, or $172.2 million, into a multi-signature wallet (0xC45C36017B0B7708F493534CA4F0930964C1D542).
Blockchain Bandit's recent moves mark the first recorded activity in more than five years. Multi-signature addresses are a tool often associated with security-conscious hacker operations, and their use indicates an intent to protect the stolen assets.
The purpose behind this transfer is not yet clear, but the large amount and the timing suggest that a new phase in Bandit's activity may be starting.
Some speculate that the money is being prepared for transfer to a centralized exchange (CEX) and sale, although converting such a large sum without detection is a major challenge. Others suggest the hacker may be diversifying holdings or exploring opportunities in the decentralized finance (DeFi) sector. Whatever the purpose, this event has brought Blockchain Bandit back into the spotlight.
The story of Blockchain Bandit began around 2016, in the early days of Ethereum. Unlike typical hackers who use phishing or malware, this attacker exploited a vulnerability based on human error and weak security practices.
Specifically, Bandit targeted Ethereum wallets protected by weak private keys or mnemonic phrases. By automating the scanning process, the hacker identified poorly secured wallets and drained their assets with precision. Although guessing a private key is considered statistically impossible, the hacker discovered 732 private keys involved in 49,060 transactions.
Between 2016 and the end of 2018, Blockchain Bandit is said to have withdrawn millions of dollars of ETH and ERC-20 tokens. It is estimated that more than 10,000 wallets were affected by this method, with the accumulated assets worth more than $200 million at their peak.
The hacker's activity was so effective that it became a hard-learned lesson for developers and users about the importance of securely creating and storing private keys.
The hacker used brute force to test and search for private keys, while also taking advantage of coding errors and faulty random number generators that made weak private keys easy to detect. This process is called “Ethercombing”.
Despite its simplicity, this method has had serious consequences. By leveraging automation, Bandit could track and block transactions in real time, ensuring that any funds sent to compromised wallets were stolen instantly. This low-risk, high-return approach made the hacker's activity both effective and nearly untraceable.
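An added example, not part of the original article: a defender-side audit that flags private keys showing the kind of low entropy a faulty random number generator or coding error produces, next to key generation from the operating system's CSPRNG. The function names and the thresholds (4 zero bytes, 8 distinct byte values) are assumptions chosen for illustration, not patterns documented in the article.

```python
import secrets

# Order of the secp256k1 group used by Ethereum; valid keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def audit_private_key(key: bytes) -> list[str]:
    """Return reasons a 32-byte key looks weak; an empty list means no heuristic fired."""
    if len(key) != 32:
        return ["length is not 32 bytes"]
    findings = []
    value = int.from_bytes(key, "big")
    if not 1 <= value < SECP256K1_N:
        findings.append("outside the valid range [1, n-1]")
    # Assumed threshold: a uniformly random key starts (or ends) with four
    # zero bytes with probability 2**-32, so this points at truncation.
    lead = len(key) - len(key.lstrip(b"\x00"))
    trail = len(key) - len(key.rstrip(b"\x00"))
    if lead >= 4:
        findings.append(f"{lead} leading zero bytes")
    if trail >= 4:
        findings.append(f"{trail} trailing zero bytes")
    # Assumed threshold: 32 random bytes almost always hold ~30 distinct values.
    if len(set(key)) <= 8:
        findings.append(f"only {len(set(key))} distinct byte values")
    # A key built by repeating a short block (for example a reused word).
    for period in (1, 2, 4, 8, 16):
        if key == key[:period] * (32 // period):
            findings.append(f"repeats a {period}-byte block")
            break
    return findings


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, rejecting out-of-range values."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < SECP256K1_N:
            return key


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real wallet.
    for sample in ((1).to_bytes(32, "big"), bytes.fromhex("ab" * 32), generate_private_key()):
        print(audit_private_key(sample) or "no weakness heuristic fired")
```

An empty result only means none of these heuristics fired; it does not prove the key came from a sound generator.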
Over the years, there have been many attempts to expose the identity of the Blockchain Bandit. Blockchain analytics companies, independent researchers, and law enforcement agencies have all investigated the hacker's activity. However, Bandit's skill at covering tracks has defeated most of these attempts.
After years of absence, Bandit's re-emergence serves as a reminder to developers to improve the security of a decentralized financial system that still has many vulnerabilities today.