Victor Tangermann
Put A Chain On That Wallet

Crypto Thief Stole $54 Million by Guessing Weak Passwords

by Dan Robitzski
4. 23. 19

Pick a strong password, people!

The Blockchain Bandit

For one wildly successful thief, scoring millions of dollars of cryptocurrency is as simple as guessing weak wallet passwords.

Security researchers found that a so-called “blockchain bandit” had hoarded 37,926 Ethereum — worth over $54 million — as of January, according to a new paper they published on Tuesday. The security experts could trace nearly $19 million of that stash back to compromised wallets that had been secured with weak private keys.


To track the bandit, who Gizmodo reports cannot be identified until they try to cash out and withdraw their Ethereum, the researchers put a dollar into a poorly secured crypto wallet. The money immediately got funneled to the bandit’s wallet.

These wallets had private keys like “0x01,” the cryptocurrency equivalent of making your password “password.” A strong password would be many times longer and much less predictable — the researchers suggest that these keys could have been unintentionally truncated by a glitch in the wallet software. It’s also possible that they were crafted by the wallets’ owners instead of randomly generated and assigned, according to Gizmodo.
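A wallet owner or wallet developer can test for the weakness described above before any funds are deposited. The following is an added example, not code from the article or the researchers' paper; the function names, the 192-bit threshold and the repetition heuristic are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group; a valid Ethereum private key is an integer in 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key():
    """Return a key drawn uniformly from 1..N-1 by the OS CSPRNG, as 64 hex digits."""
    return format(secrets.randbelow(SECP256K1_N - 1) + 1, "064x")


def audit_private_key(key_hex, min_bits=192):
    """Return a list of findings for a hex private key; an empty list means none.

    min_bits is an assumed threshold: a uniformly random key falls below
    192 bits with probability about 2**-65, so a hit means the key was not random.
    """
    digits = key_hex.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    try:
        key = int(digits, 16)
    except ValueError:
        return ["not a hexadecimal number"]
    if not 1 <= key < SECP256K1_N:
        return ["outside the valid range 1..N-1"]
    findings = []
    if len(digits) != 64:
        findings.append("not 32 bytes long: possibly truncated or hand-typed")
    if key.bit_length() < min_bits:
        findings.append("only %d significant bits" % key.bit_length())
    # Heuristic (assumption): 32 random bytes almost never share 4 or fewer values.
    if len(set(key.to_bytes(32, "big"))) <= 4:
        findings.append("byte pattern is highly repetitive")
    return findings


if __name__ == "__main__":
    # Constructed sample keys: the article's "0x01", a padded variant, a fresh key.
    for sample in ("0x01", "00" * 31 + "2a", generate_private_key()):
        print(sample[:18], audit_private_key(sample) or "no findings")
```

A key that passes these checks is not proven strong; the audit only catches the truncated or hand-crafted patterns the article describes.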


Ultimately, no matter how immutable the blockchain is supposed to be, the blockchain bandit’s success should serve as a reminder to check your passwords and change them often.

READ MORE: A ‘Blockchain Bandit’ Has Made Off With Millions Just By Guessing Private Keys [Gizmodo]
