Wallets linked to the notorious "Blockchain Bandit" have come back to life after being dormant for over five years. Crypto investigator ZachXBT reported that this hacker has consolidated 51,000 ETH, worth over $172 million, from ten different wallets into a single multi-signature wallet.

ZachXBT's analysis shows that all ten wallet addresses involved in this recent transfer last saw action in 2018. This indicates that the hacker is accessing these funds for the first time in years. But who is this Blockchain Bandit? For those new to the crypto scene, this name might not ring a bell. However, for seasoned enthusiasts, it’s a name that brings back unsettling memories from 2018.

The Blockchain Bandit is known for exploiting weak private keys on the Ethereum blockchain to steal cryptocurrency. This hacker gained infamy by guessing the private keys of vulnerable wallets, raking in millions in the process.

How did it work? The attacker scanned the Ethereum network for wallets secured by weak or poorly generated private keys. These weaknesses often resulted from programming errors or flawed cryptographic libraries. By using automated scripts, the Bandit searched for vulnerable addresses. Once a weak key was found, the hacker quickly transferred the funds to their own wallet. Often, it took days for the wallet owners to realize they had been robbed.

In total, this hacker stole over 50,000 ETH from more than 10,000 wallets using this straightforward method. The term "Blockchain Bandit" first appeared in a WIRED article in 2019, which detailed the patterns of these attacks. Security analyst Adrian Bednarek pointed out how the bandit used a pre-generated list of keys to automate the scanning process and withdraw funds from vulnerable wallets in seconds.

Today’s activity marks the first time these wallets have been used since 2018. Some other wallets were active in January 2023, moving funds to buy Bitcoin. However, today’s transfer is the largest consolidation of stolen ETH by this hacker, suggesting a few possible scenarios.

First, moving funds into a multi-signature wallet could mean that the hacker is preparing for a big transaction or series of transactions. This might involve laundering the funds through mixers or decentralized exchanges to hide their origins.

Additionally, consolidating these funds could be a step toward liquidating some or all of the ETH. Selling such a large amount in the current market could raise concerns about Ethereum’s short-term price stability.

On the flip side, the hacker might be waiting for favorable market conditions, like a surge in ETH prices, to maximize the value of their stolen assets when they decide to sell.

Most worryingly, the consolidated ETH could be used to fund further attacks. For instance, it might cover transaction fees for new exploits or support operations on other blockchain networks.

The return of this infamous hacker is a significant concern for the crypto community. In 2023 alone, the industry lost $2.3 billion, a staggering 40% increase from 2022. Ethereum was the hardest-hit network in these incidents.