Table of Contents
Toggle
**51,000 Ether Transferred in a Hack**
**Weak Private Key Guessing Attack**
**$2.3 Billion Lost in 2024**
**51,000 Ether Transferred in a Hack**
According to a Telegram post by blockchain investigator ZachXBT on December 30, the hacker transferred 51,000 Ether (ETH) from 10 different wallet addresses to a multi-signature address “0xC45…1D542.”
This substantial transfer was executed in batches of approximately 5,000 Ether between 8:54 PM and 9:18 PM (UTC) on December 30. Prior to this, the funds had remained inactive in the 10 different wallets for nearly two years since being transferred on January 21, 2023. Additionally, the hacker transferred 470 Bitcoin (BTC) earlier in 2023.
**Weak Private Key Guessing Attack**
The “Blockchain Bandit” first emerged in 2016 and reached the peak of its theft activities in 2018. According to a report by security firm Independent Security Evaluators, the hacker systematically searched for weak private keys using a technique called “Ethercombing,” exploiting faulty random number generators and code vulnerabilities. They successfully cracked 732 sets of private keys, accumulating over 45,000 Ether through nearly 49,060 transactions.
From a technical perspective, this “weak private key guessing attack” should statistically be nearly impossible; however, due to certain wallets or tools utilizing low-quality random number generators when generating private keys, the keys were not completely random, thereby allowing the hacker to execute “weak private key guessing attacks.”
Using verified wallet software (such as MetaMask, Ledger, Trezor) can help avoid this issue.
To date, the true identity of the “Blockchain Bandit” remains a mystery. However, security analyst Adrian Bednarek has speculated that state-level actors, such as North Korea, may be involved, potentially using such methods to raise illicit funds on a large scale.
**$2.3 Billion Lost in 2024**
According to a report by on-chain security company Cyvers, a total of 165 significant cryptocurrency security incidents occurred in 2024, resulting in total losses amounting to $2.3 billion, a 40% increase compared to 2023.
Among these incidents, access control breaches emerged as the primary attack vector, accounting for 81% of all incidents and leading to losses of $1.9 billion. These vulnerabilities primarily occurred in centralized exchanges and custodial platforms, exposing significant security risks within the cryptocurrency industry.
