Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research — giving him the ability to complete transactions as if he was the account holder.
The report notes that rather than using a brute force search for random private keys, it used a combination of looking for faulty code and faulty random number generators.
Bednarek then noticed how some of the wallets associated with the private keys found with their suboptimal methods had high volumes of transactions going to a single address, with no money coming back out. Bednarek said:
“There was a guy who had an address who was going around and siphoning money from some of the keys we had access to. We found 735 private keys, he happened to take money from 12 of those keys we also had access to. It’s statistically improbable he would guess those keys by chance, so he was probably doing the same thing […] he was basically stealing funds as soon as they came into people’s wallets.”
At the height of ether’s value, it is estimated that the bandit’s haul would have been worth more than $50 million. At the time of writing, the funds would be valued at approximately $7.8 million.
According to Bednarek, the private keys may have been vulnerable because of coding errors in the software responsible for generating them. Another theory is that crypto owners who obtain private keys through passphrases are generating identical ones by using weak entries such as “abc123,” or even leaving their passphrases blank.
Although the identity of the blockchain bandit is unknown, Bednarek has suggested that a state actor such as North Korea could be behind the thefts. In March, a U.N. Security Council report claimed that the isolated state had amassed $670 million in fiat and cryptocurrencies through hacking attacks as it tries to circumvent punishing economic sanctions.