BSV
$52.71
Vol 34.75m
-6.66%
BTC
$96231
Vol 50249.39m
-1.3%
BCH
$448.73
Vol 413.55m
-1.91%
LTC
$98.77
Vol 951.95m
-4.48%
DOGE
$0.31
Vol 6692.84m
-5.46%
Getting your Trinity Audio player ready...

Hackers have successfully stolen as much as $20 million in ETH from misconfigured Ethereum clients, according to reports.

In a new report, China-based cybersecurity company Qihoo 360 Netlab detailed how hackers managed to breach Ethereum-based applications and mining rigs, which have been configured to expose a Remote Procedure Call (RPC) interface.

The offending interface, on port 8545, is designed to allow for integration with APIs from third party services or to enable apps to interact with other Ethereum services. To perform this function, the RPC interface creates an exploit the hackers have used to find private keys, to gain access to funds directly, and to gain access to the owner’s personal data, according to experts at the cybersecurity firm.

The interface is generally switched off in most Ethereum-based apps by default, and there is often a warning not to switch it on without appropriate additional security measures. However, with a culture of customising settings in Ethereum apps, and often without the required depth of knowledge, a number of clients have been left exposed, resulting in this, the latest theft of ETH.

The issue is far from new. The Ethereum Project has issued official guidance to those running Ethereum mining rigs, highlighting that their funds were open to theft without adequate additional security.

Despite these warnings, the issue has persisted, and developers continue to misconfigure devices and apps without fully appreciating the risks.

Hackers have been intensifying efforts to scan for exposed ports, with a surge in activity around November 2017 in scanning for devices running on port 3333.

However, with the majority of applications running their RPC on port 8545, Qihoo 360 Netlab has now found evidence of a growth in the number of scans specifically looking to take advantage of this exploit: “If you have honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses…And there are quite a few IPs scanning heavily on this port now.”

With automated scanning and hacking tools becoming ever more sophisticated, it’s up to developers to make sure they don’t become the latest victims to this increasingly prevalent scam.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement