For one wildly successful thief, scoring millions of dollars of cryptocurrency is as simple as guessing weak wallet passwords.
Security researchers found that a so-called “blockchain bandit” had hoarded 37,926 Ethereum — worth over $54 million — as of January, according to a new paper they published on Tuesday. The security experts could trace nearly $19 million of that stash back to compromised wallets that had been secured with weak private keys.
To track the bandit, who Gizmodo reports cannot be identified until they try to cash out and withdraw their Ethereum, the researchers put a dollar into a poorly secured crypto wallet. The money immediately got funneled to the bandit’s wallet.
These wallets had private keys like “0x01,” the cryptocurrency equivalent of making your password “password.” A strong password would be many times longer and much less predictable — the researchers suggest that these keys could have been unintentionally truncated by a glitch in the wallet software. It’s also possible that they were crafted by the wallets’ owners instead of randomly generated and assigned, according to Gizmodo.
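As an added example (not code from the researchers' paper or from this article), here is a Python check that wallet software could run on a private key before using it, flagging the truncated or hand-picked keys described above. The thresholds, function names and sample keys are assumptions constructed for illustration.

```python
import secrets

# Order of the secp256k1 group: a valid Ethereum private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Assumed threshold: a uniformly random key has fewer significant bits than this
# with probability of roughly 2**-56.
MIN_BITS = 200


def audit_private_key(key_hex: str) -> list[str]:
    """Return the reasons a key looks weak; an empty list means no finding."""
    digits = key_hex.lower().removeprefix("0x")
    findings = []
    if len(digits) != 64:
        findings.append("not 32 bytes long")
    try:
        k = int(digits, 16)
    except ValueError:
        return ["not hexadecimal"]
    if not 1 <= k < SECP256K1_N:
        return findings + ["outside valid range 1..N-1"]
    raw = k.to_bytes(32, "big")
    if k.bit_length() < MIN_BITS:
        findings.append(f"only {k.bit_length()} significant bits (high bytes are zero)")
    if raw[16:] == bytes(16):
        findings.append("low 16 bytes are zero (possible truncated write)")
    if len(set(raw)) < 8:  # assumed cut-off for hand-typed or patterned keys
        findings.append(f"only {len(set(raw))} distinct byte values")
    return findings


def generate_private_key() -> str:
    """Draw a key uniformly from 1..N-1 using the operating system's CSPRNG."""
    return f"0x{secrets.randbelow(SECP256K1_N - 1) + 1:064x}"


if __name__ == "__main__":
    # Constructed sample keys: the "0x01" case from the article, a zero-padded
    # variant, a half-written key, and a freshly generated one.
    samples = ["0x01", "0x" + "00" * 31 + "01",
               "0xa1b2c3d4e5f60718293a4b5c6d7e8f90" + "0" * 32,
               generate_private_key()]
    for key in samples:
        print(key[:14] + "...", audit_private_key(key) or "no findings")
```

A key that passes these checks is not proven random; the audit only catches the obvious failures, so key generation should always go through a cryptographically secure random source as in `generate_private_key`.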
Ultimately, no matter how immutable the blockchain is supposed to be, the blockchain bandit’s success should serve as a reminder to check your passwords and change them often.
READ MORE: A ‘Blockchain Bandit’ Has Made Off With Millions Just By Guessing Private Keys [Gizmodo]