Victor Tangermann
Put A Chain On That Wallet

Crypto Thief Stole $54 Million by Guessing Weak Passwords

by Dan Robitzski
4.23.19

Pick a strong password, people!

The Blockchain Bandit

For one wildly successful thief, scoring millions of dollars of cryptocurrency is as simple as guessing weak wallet passwords.

Security researchers found that a so-called “blockchain bandit” had hoarded 37,926 Ethereum — worth over $54 million — as of January, according to a new paper they published on Tuesday. The security experts could trace nearly $19 million of that stash back to compromised wallets that had been secured with weak private keys.


To track the bandit, who Gizmodo reports cannot be identified until they try to cash out and withdraw their Ethereum, the researchers put a dollar into a poorly secured crypto wallet. The money immediately got funneled to the bandit’s wallet.

These wallets had private keys like “0x01,” the cryptocurrency equivalent of making your password “password.” A strong password would be many times longer and much less predictable — the researchers suggest that these keys could have been unintentionally truncated by a glitch in the wallet software. It’s also possible that they were crafted by the wallets’ owners instead of randomly generated and assigned, according to Gizmodo.
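A wallet can refuse keys of the kind described above before it ever uses them. The following is an added example, not code from the article or from the researchers' paper: the function names and the thresholds (`min_bits`, the zero-byte and distinct-byte limits) are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group; a valid Ethereum private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying on the rare out-of-range value."""
    while True:
        candidate = secrets.token_bytes(32)
        if 1 <= int.from_bytes(candidate, "big") < SECP256K1_N:
            return candidate


def weak_key_reasons(key_hex: str, min_bits: int = 192) -> list:
    """Return reasons a hex-encoded key looks guessable; an empty list means none found.

    The thresholds are illustrative assumptions: a uniformly random key trips
    any one of them with negligible probability (below 2**-40).
    """
    digits = key_hex.lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    try:
        value = int(digits, 16)
    except ValueError:
        return ["not hexadecimal"]
    if not 1 <= value < SECP256K1_N:
        return ["outside the valid range 1..N-1"]

    reasons = []
    if len(digits) < 64:
        reasons.append(f"only {len(digits)} hex digits, expected 64 (possible truncation)")
    if value.bit_length() < min_bits:
        reasons.append(f"value fits in {value.bit_length()} bits, a tiny search space")
    raw = value.to_bytes(32, "big")
    if raw.count(0) >= 8:
        reasons.append(f"{raw.count(0)} of 32 bytes are zero (padded or truncated key)")
    if len(set(raw)) <= 4:
        reasons.append("four or fewer distinct byte values (hand-made pattern)")
    return reasons


if __name__ == "__main__":
    # "0x01" is the key quoted in the article; the second key is freshly generated.
    for key in ("0x01", generate_private_key().hex()):
        print(key[:18], "->", weak_key_reasons(key) or "no weakness found")
```

Passing these checks does not prove a key is strong; it only catches the truncated and hand-crafted patterns the article describes.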


Ultimately, no matter how immutable the blockchain is supposed to be, the blockchain bandit’s success should serve as a reminder to check your passwords and change them often.

READ MORE: A ‘Blockchain Bandit’ Has Made Off With Millions Just By Guessing Private Keys [Gizmodo]
