Misconfigured Ethereum apps, mining rigs lose $20M to hacks
Hackers have successfully stolen as much as $20 million in ETH from misconfigured Ethereum clients, according to reports.
In a new report, China-based cybersecurity company Qihoo 360 Netlab detailed how hackers managed to breach Ethereum-based applications and mining rigs, which have been configured to expose a Remote Procedure Call (RPC) interface.
The offending interface, on port 8545, is designed to allow for integration with APIs from third party services or to enable apps to interact with other Ethereum services. To perform this function, the RPC interface creates an exploit the hackers have used to find private keys, to gain access to funds directly, and to gain access to the owner’s personal data, according to experts at the cybersecurity firm.
The interface is generally switched off in most Ethereum-based apps by default, and there is often a warning not to switch it on without appropriate additional security measures. However, with a culture of customising settings in Ethereum apps, and often without the required depth of knowledge, a number of clients have been left exposed, resulting in this, the latest theft of ETH.
If you have honeypot running on port 8545, you should be able to see the requests in the payload. Which has the wallet addresses. And there are quite a few ips scanning heavily on this port now. https://t.co/xSB6tuGZ9u
— 360 Netlab (@360Netlab) June 11, 2018
The issue is far from new. The Ethereum Project has issued official guidance to those running Ethereum mining rigs, highlighting that their funds were open to theft without adequate additional security.
Despite these warnings, the issue has persisted, and developers continue to misconfigure devices and apps without fully appreciating the risks.
Hackers have been intensifying efforts to scan for exposed ports, with a surge in activity around November 2017 in scanning for devices running on port 3333.
However, with the majority of applications running their RPC on port 8545, Qihoo 360 Netlab has now found evidence of a growth in the number of scans specifically looking to take advantage of this exploit: “If you have honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses…And there are quite a few IPs scanning heavily on this port now.”
With automated scanning and hacking tools becoming ever more sophisticated, it’s up to developers to make sure they don’t become the latest victims to this increasingly prevalent scam.
To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.