After years of silence, the Blockchain Bandit has been caught in action, transferring the 51,000 Ether they stole, valued at $172 million at today's prices, into a single wallet.
Blockchain investigator ZachXBT, who tracked the bandit's exploits for years, broke the story in a Telegram post, revealing that the stolen Ether was consolidated from ten separate wallets into a multi-signature address.
The transfers occurred in 5,000 Ether batches over a rapid 24-minute window, starting at 8:54 pm UTC and concluding by 9:18 pm UTC. During that period, they also moved 470 Bitcoin, adding to their infamous record.
Despite the massive movement, the price of Ether remains unaffected at the time of writing.
The mastermind of Ethercombing
The Blockchain Bandit made waves in the blockchain community between 2016 and 2018 when they achieved something that was previously deemed statistically impossible.
The Blockchain Bandit exploited weak private keys created by flaws in Ethereum's early cryptographic systems, such as predictable random number generation and sloppy coding practices that left many wallets vulnerable.
The technique, dubbed "Ethercombing," systematically guesses the private keys tied to active wallets, giving the attacker access to users' funds. Using it, the hackers forced their way into a total of 732 accounts and looted a total of 45,000 Ether.
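The flaw described above is that a key drawn from a predictable generator is a key anyone can regenerate. The following added example (not code from the article or from any wallet project) contrasts a key taken from the operating system's CSPRNG with one from a seeded general-purpose PRNG, and adds a wallet-side sanity check that rejects keys outside the secp256k1 range or with a trivially small value; the 64-bit "small scalar" threshold is an assumption chosen for illustration.

```python
import random
import secrets
from typing import Optional

# secp256k1 group order: a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Keys whose value fits in this many bits could be enumerated outright.
# The threshold is an assumption for this example, not a figure from the article.
SMALL_KEY_BITS = 64


def generate_private_key() -> int:
    """Draw a private key uniformly from [1, N-1] using the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def predictable_private_key(seed: int) -> int:
    """Deliberately weak: a Mersenne Twister seeded with a guessable value.

    This models the 'predictable random number generation' flaw: whoever
    knows (or can enumerate) the seed reproduces the exact same key.
    """
    rng = random.Random(seed)
    return rng.randrange(1, SECP256K1_N)


def is_valid_key(k: int) -> bool:
    """True if k is a legal secp256k1 scalar."""
    return 1 <= k < SECP256K1_N


def key_weakness(k: int) -> Optional[str]:
    """Return the reason a key should be rejected, or None if no check fires."""
    if not is_valid_key(k):
        return "out of range"
    if k.bit_length() <= SMALL_KEY_BITS:
        return "small scalar"
    return None


if __name__ == "__main__":
    good = generate_private_key()
    weak = predictable_private_key(seed=1)
    print("CSPRNG key weakness:", key_weakness(good))
    print("seeded key reproducible:", weak == predictable_private_key(seed=1))
```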
Fast forward to today, and those early vulnerabilities are still haunting Ethereum users. The 51,000 Ether that was moved recently is the same stash that had been sitting untouched since January 21, 2023.
On that day, the hacker had moved the funds, along with 470 Bitcoin, from a previous location to keep their loot under the radar.
Speculation about the Blockchain Bandit's links to North Korea?
Some experts, like Adrian Bednarek, have speculated that state actors, potentially North Korea, could be behind the sophisticated thefts.
North Korean hacker groups are infamous for targeting crypto platforms to fund state-sponsored activities, including weapons programs.
Some have also pointed out that the methods and the sheer size of the theft resemble the tactics used by Lazarus, the secretive hacker group linked to North Korea.
The Bandit's method also highlights the user's role in security. Many hacks stem from causes such as weak private keys, low-hanging fruit for attackers who simply take advantage of sloppy coding and user negligence.
Even today, many users fail to follow basic security protocols. Poorly chosen passwords, reliance on default settings, and a lack of understanding about private key management all contribute to the ongoing risks.
Of course, Ethereum also has a part to play in the vulnerabilities of its own system. Despite its best efforts to mend its coding practices, the damage is already done.