Researchers at Independent Security Evaluators found that one “blockchain bandit” stole $54 million in Ether from wallets with weak private keys.

Those who traffic in cryptocurrency always need to be concerned with security. There are those who don’t store their crypto on exchanges as they feel there isn’t adequate protection offered against hackers. People put a lot of faith into their cryptocurrency wallets, but such faith can be severely misplaced. Researchers at Independent Security Evaluators (ISE) found that thieves are making big bucks by targeting wallets on the Ethereum blockchain that have very weak private keys.

Staggering amounts of Ether stolen

Adrian Bednarek of ISE decided to see if an Ethereum holder had kept their ETH in a wallet that had a private key with the value of 1. To his surprise, he found that someone had and that the wallet had been cleaned out. He went on to check other wallets using other simple private keys, such as 2, 3, and so on. Bednarek found, in each case, that the wallet had been emptied, most likely by a thief who had used the private key to ascertain the public address of the wallet.

Bednarek took his findings to his colleagues at ISE, and they developed code that would check for billions of private keys that could be easily guessed. Their results were rather surprising.

Overall, they found 732 private keys that could easily fall prey to such brute force attacks. They also found that tens of thousands of Ether had been stolen by thieves targeting these poorly-protected wallets. The researchers found one particular “blockchain bandit” that had moved 37,926 ETH to his wallet by January 13, 2018. At that time, Ether was trading for $1.432 USD, which means the bandit’s ill-gotten loot was worth $54.3 million. However, the massive decline in Ether prices means that his stash is only worth $7.7 million today (more ETH has been added to the bandit’s wallet since early 2018).

Bednarek humorously remarks:

“Don’t you feel bad for him? You have a thief here that amassed this fortune and then lost it all when the market crashed.”

The blockchain bandit is not alone in attacking these poorly protected wallets. Bednarek put a small amount of ETH in some wallets with weak passwords that had not been used yet. Almost instantly, the wallets were emptied. The researchers even found out that the “blockchain bandit” had tried to access one of the wallets but was beaten by just a few milliseconds by another hacking thief.

ISE maintains that developers need to be aware of such threats and that they “should incorporate all available defense in depth principles to counter present threats and use innovative measures to counter advanced present and future threats against these high-value assets.”

Could North Korea be the blockchain bandit?

ISE identified a number of malicious campaigns targeting wallets on the Ethereum blockchain. As for the “blockchain bandit,” Bednarek believes it could be North Korea, although he admits that this is pure speculation.

North Korea has been identified as the culprit behind five separate attacks on cryptocurrency exchanges in Asia over the last couple of years. The affected exchanges include YouBit, Coinis, Yapizon, Coincheck, and Bithumb. The hacks were allegedly carried out by a group called Lazarus, who are either independent hackers working for North Korea or are part of the North Korean government.

The hacking attacks by North Korea are being carried out to replenish the country’s empty coffers that are the result of the ongoing economic sanctions.

The actual identity of the “blockchain bandit” isn’t truly important. The attacks do show the importance of having strong private keys along with developers doing everything possible to ensure the highest levels of security.