American blockchain analysis firm Chainalysis has confirmed the movement of funds stolen by Blockchain Bandit, a cybergang notorious for siphoning digital assets from wallets with vulnerable private keys. Since 2016 when the hackers terminated their six-year-long thieving spree which accumulated a total of $90 million for them, this is the first time that the loot is being transferred.
Blockchain Bandit earned this moniker from the ability to hijack and drain Ethereum wallets that have weak private keys through a process known as Ethercombing.
The international cybergang successfully guessed many of these private keys. So far, the hackers have engaged in a ‘programmatic theft’ scheme and attacked over 10,000 wallets globally. The hackers’ loot includes 470 Bitcoin (BTC) and 51,000 Ether (ETH) which is valued at approximately $90 million.
Chainalysis suspect that the recent jump in the price of crypto may have influenced Blockchain Bandit’s decision to move the ill-gotten wealth. They may plan to capitalize on this recent price rally to gain a position in the crypto market before the market becomes bearish again. “We suspect that the bandit is moving their funds given the recent jump in prices.”
Blockchain Bandit Employed Ethercombing Approach
Adrian Bednarek, a security consultant concerned with the notorious complexity and the potential security vulnerabilities present in the Ethereum ecosystem attempted to explain the activities of the ‘Bandit’ in 2019.
From his analysis, he noticed that a significant number of crypto users store their assets with easily guessable private keys. After conducting their study, Bednsrek and his colleagues found 732 guessable keys that had been exploited.
“He was doing the same things we were doing, but he went above and beyond,” Bednarek explained. “Whoever this guy or these guys are, they’re spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them.”
Chainalysis has advised users to leverage reliable wallets that generate stronger private keys and engage hardware wallets that are less susceptible to hacks. Meanwhile, 25-year-old Nicholas Truglia, faced charges in 2022 for conducting crypto fraud the previous year and has been sentenced to 18 months in jail.