Suche
Mein Konto
The infamous Blockchain Bandit” begins moving his supply 6 years later
As we have seen over the years, blockchains are not quite as secure as some claim. Although the technology is one of the most secure methods of storing data available to the public, poor coding, social engineering, and the like can make it more likely for criminal actors to take advantage of unwary victims. Guessing games In the case of “Blockchain Bandit,” however, the technology worked as intended. The unknown attacker managed to steal crypto assets from up to 732 wallets through a process known as ethercombing – essentially educated guesswork. A private key to an Ethereum wallet is a 78-digit sequence of random numbers. …
The infamous Blockchain Bandit” begins moving his supply 6 years later
As we have seen over the years, blockchains are not quite as secure as some claim.
Although the technology is one of the most secure methods of storing data available to the public, poor coding, social engineering, and the like can make it more likely for criminal actors to take advantage of unwary victims.
Guessing games
However, in the case of “Blockchain Bandit,” the technology worked as intended. The unknown attacker managed to steal crypto assets from up to 732 wallets through a process known as ethercombing – essentially educated guesswork.
A private key to an Ethereum wallet is a 78-digit sequence of random numbers. In theory, this should be impossible to guess without quantum computers or other resources that, as far as we know, don't yet exist.
However, the sheer number of strings eventually makes it possible to guess a private key by having a low value. Statistically, this would be due to a mistake or an inexperienced user selecting the key themselves.
"If a private key is chosen at random, the chance of someone else generating the same key is about 1 in 2256, which is effectively a 0 percent chance. Since the chance of a private key of 0x01 occurring by chance is about zero percent, we must assume that this value was chosen either intentionally or due to error."
For a detailed summary of the mathematics involved, see this academic article. In summary, the probability of guessing a private key is about the same as identifying a specific atom in our universe.
That didn’t stop the Blockchain Bandit.
Methodical work
For the past few years, the unknown villain has been searching the blockchain for wallets with private keys whose values add up to numbers from 1 to 732. By doing this for a few years they had amassed a fortune. Her wallet is currently being emptied of 51,000 Ether and 470 Bitcoin, now worth around $90 million - a sum smaller than many of the hacks we've seen throughout 2022, but no less impressive.
The news was spread by Chinalysis, who suspect that the crypto market's recent upward movements gave the attacker the impetus to cash out.
1/ 🚨$90M stolen funds on the way: After 6 years of hodling, the “Blockchain Bandit” has awakened. In this 🧵 we cover how the Blockchain Bandit amassed this treasure trove and where the funds are currently stored.
— Chain Analysis (@ChainAnalysis) January 25, 2023
Given the enormous amount of time required for such an operation, it is possible that the attacker was actually a state actor - although an organized crime ring or an ordinary individual could also be the culprits.
.