A "blockchain bandit" targeted easily guessable private keys to steal cryptocurrency, Wired writes. Security consultancy Independent Security Evaluators found that out of 34 billion blockchain addresses, at least 732 guessable keys that once held ether had been emptied some time ago. Twelve of them were attacked by the same person; their account now holds 45,000 ether (worth approximately $7.7 million now; valued at $54 million pre-crash), although its funds haven't moved in the last three years.
A key is usually a 78-digit number, but there have been instances of keys with values of just 1 or 2. Shorter, easier keys can result from a coding error, an inexperienced user choosing their own key, or malicious code that corrupts the key-making process. The chance of guessing an Ethereum private key is 1 in 2^256, which is practically impossible.
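A wallet developer can guard against the weak-key failure mode described above by drawing keys from the operating system's CSPRNG and refusing any key that shows obvious structure. The following is an added example, not code from ISE or Wired; the function names, the 200-bit threshold and the pattern heuristics are assumptions chosen for illustration.

```python
import secrets

# Order of the secp256k1 group used by Ethereum; valid private keys are 1..N-1.
# N has 78 decimal digits, which is where the "78-digit" figure comes from.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed threshold: a uniformly random key has fewer significant bits
# than this with probability of about 2^-56.
MIN_BITS = 200


def generate_private_key() -> int:
    """Draw a key uniformly from [1, N-1] using the OS CSPRNG."""
    return secrets.randbelow(SECP256K1_N - 1) + 1


def weak_key_reasons(key_hex: str) -> list:
    """Return the reasons a hex-encoded key looks guessable (empty list: none found)."""
    text = key_hex.lower()
    if text.startswith("0x"):
        text = text[2:]
    if len(text) != 64 or any(c not in "0123456789abcdef" for c in text):
        return ["not 64 hex digits (32 bytes)"]
    raw = bytes.fromhex(text)
    value = int.from_bytes(raw, "big")
    if not 1 <= value < SECP256K1_N:
        return ["outside the valid range 1..N-1"]
    reasons = []
    # Tiny values such as 1 or 2 are the cases the article mentions.
    if value.bit_length() < MIN_BITS:
        reasons.append(f"only {value.bit_length()} significant bits")
    # Keys made of a handful of repeated bytes (0x1111..., 0xabab...).
    if len(set(raw)) <= 4:
        reasons.append("built from four or fewer distinct byte values")
    # Keys whose bytes count up or down by a fixed step (00 01 02 ...).
    steps = {(b - a) % 256 for a, b in zip(raw, raw[1:])}
    if len(steps) == 1:
        reasons.append("bytes form a constant-step sequence")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: the value 1, a repeated byte, and a fresh key.
    for sample in ("00" * 31 + "01", "11" * 32, format(generate_private_key(), "064x")):
        print(sample[:16] + "...", weak_key_reasons(sample) or "no obvious weakness")
```

Passing these checks does not prove a key was generated randomly; it only catches the structured values that a broken or tampered generator tends to produce.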
The thief seemed to have a vast, pre-generated list of keys and was scanning them at automated speed. According to ISE, these were likely "automated ethercombing thefts," meaning that when funds were transferred to the keys, the money disappeared automatically in a matter of seconds.
ISE has been unable to identify the blockchain bandit or the faulty or corrupted wallets that produce weak keys.