Table of Contents
Toggle
50,000 Ether Transferred in Hacking Incident
Weak Private Key Guessing Attack
$2.3 Billion Lost in 2024
50,000 Ether Transferred in Hacking Incident
According to a Telegram post by blockchain investigator ZachXBT on December 30, the hacker transferred 51,000 Ether (ETH) from 10 different wallet addresses to a multi-signature address “0xC45…1D542”.
This substantial amount of funds was transferred in batches of approximately 5,000 Ether between 8:54 PM and 9:18 PM (UTC) on December 30. Prior to this, the funds had remained inactive in the 10 different wallets since being transferred on January 21, 2023, for nearly two years. Additionally, the hacker transferred 470 Bitcoin (BTC) at the beginning of 2023.
Weak Private Key Guessing Attack
The “Blockchain Bandit” first emerged in 2016 and reached a peak of theft in 2018. According to a report by security company Independent Security Evaluators, the hacker systematically searched for weak private keys using a technique called “Ethercombing,” exploiting faulty random number generators and code vulnerabilities, successfully cracking 732 sets of private keys and stealing over 45,000 Ether across nearly 49,060 transactions.
From a technical standpoint, such “weak private key guessing attacks” should statistically be nearly impossible; however, certain wallets or tools used low-quality random number generators when generating private keys, resulting in non-random private keys that allowed hackers to perform “weak private key guessing attacks” using scripts.
This issue can be avoided by using verified wallet software (such as MetaMask, Ledger, Trezor).
As of now, the true identity of the “Blockchain Bandit” remains a mystery. However, security analyst Adrian Bednarek has speculated that it might involve state-level actors, such as North Korea, who could be using such methods to raise illegal funds on a large scale.
$2.3 Billion Lost in 2024
According to a report by on-chain security company Cyvers, there were 165 major cryptocurrency security incidents in 2024, resulting in total losses amounting to $2.3 billion, a 40% increase compared to 2023.
Among these, access control breaches became the primary attack method, accounting for 81% of all incidents, with losses reaching $1.9 billion. These breaches primarily occurred in centralized exchanges and custodial platforms, highlighting significant security vulnerabilities within the cryptocurrency industry.