Tech, 15 June 2018, Ed Drake
Misconfigured Ethereum apps, mining rigs lose $20M to hacks
Hackers have successfully stolen as much as $20 million in ETH from misconfigured Ethereum clients, according to reports.
In a new report, China-based cybersecurity company Qihoo 360 Netlab detailed how attackers have been draining Ethereum-based applications and mining rigs that were configured to expose the client's Remote Procedure Call (RPC) interface to the internet.
The interface, a JSON-RPC endpoint that listens on port 8545, exists so that third-party services and other applications can talk to the node through its API. Left reachable from the internet with no authentication, it lets anyone who finds it issue the same calls as the legitimate operator: list the node's accounts, read their balances and, where an account has been unlocked for mining payouts or automated use, submit a transaction from it. According to the firm's experts, this is how the funds were taken and how the owner's data on the node was reached: the attacker never needs the private key, because the node signs the transaction with it on request.
The interface is switched off by default in most Ethereum clients, and the documentation warns against enabling it without additional protection. However, Ethereum users routinely customise their settings, often without the depth of knowledge the change requires, and a number of clients have been left exposed, resulting in this, the latest theft of ETH.
If you have a honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses. And there are quite a few IPs scanning heavily on this port now. https://t.co/xSB6tuGZ9u
— 360 Netlab (@360Netlab) June 11, 2018
The issue is far from new. The Ethereum Project has issued official guidance to those running Ethereum mining rigs, warning that funds on a node with an exposed RPC interface are open to theft unless additional security is in place.
Despite these warnings, the problem has persisted, and operators continue to misconfigure devices and apps without fully appreciating the risk.
Attackers have been intensifying their scanning for exposed ports, with a surge in activity around November 2017 in scans for devices listening on port 3333.
With the majority of clients running their RPC on port 8545, Qihoo 360 Netlab has now found evidence of a growing number of scans aimed specifically at this exposure: "If you have a honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses... And there are quite a few IPs scanning heavily on this port now."
With automated scanning and exploitation tools becoming ever more capable, it is up to the people running these nodes to make sure they do not become the next victims of an increasingly common attack.
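The following is an added example for this article, not code from the Netlab report or from any Ethereum client. It works the two sides of the situation described above: on a honeypot, it classifies captured JSON-RPC requests and pulls the destination wallet addresses out of eth_sendTransaction payloads (the addresses Netlab says show up in the scanners' requests); on an operator's own node, it interprets the reply to an eth_accounts probe sent from outside the host and says whether the node is exposed with accounts an attacker could spend from. The JSON-RPC method names are the real Ethereum ones; the IP addresses, wallet addresses and captured request bodies are constructed for the example, and the function names are this example's own.

```python
"""Triage of JSON-RPC traffic aimed at an Ethereum node's port 8545.

Hypothetical helper code, not part of the Netlab report or of any Ethereum
client. Method names are the real Ethereum JSON-RPC names; every address,
IP and request body below is constructed sample data.
"""
import json
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Methods an attacker calls to find a node worth robbing ...
RECON = {"web3_clientVersion", "net_version", "eth_blockNumber",
         "eth_accounts", "eth_getBalance"}
# ... and methods that move funds or unlock the account holding them.
THEFT = {"eth_sendTransaction", "personal_sendTransaction",
         "personal_unlockAccount"}


@dataclass
class Finding:
    peer: str
    method: str
    severity: str                  # "info", "recon" or "theft-attempt"
    to_address: Optional[str] = None
    wei: Optional[int] = None      # the transaction's value field, if any


def classify_request(peer: str, raw: str) -> Finding:
    """Classify one captured JSON-RPC request body sent by `peer`."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        msg = None
    if not isinstance(msg, dict):
        return Finding(peer, "<malformed>", "info")
    method = str(msg.get("method", "<none>"))
    if method in THEFT:
        params = msg.get("params") or []
        tx = params[0] if params and isinstance(params[0], dict) else {}
        to, value = tx.get("to"), tx.get("value")
        try:
            wei = int(value, 16) if isinstance(value, str) else None
        except ValueError:
            wei = None
        ok_to = to if isinstance(to, str) and ADDRESS_RE.match(to) else None
        return Finding(peer, method, "theft-attempt", ok_to, wei)
    if method in RECON:
        return Finding(peer, method, "recon")
    return Finding(peer, method, "info")


def triage(captured: List[Tuple[str, str]]) -> List[Finding]:
    """Classify a whole capture of (source IP, raw request body) pairs."""
    return [classify_request(peer, body) for peer, body in captured]


def attacker_wallets(findings: List[Finding]) -> Dict[str, int]:
    """Destination address of each theft attempt -> number of distinct source IPs.
    One address reused by many scanners points at a single campaign."""
    peers: Dict[str, Set[str]] = {}
    for f in findings:
        if f.severity == "theft-attempt" and f.to_address:
            peers.setdefault(f.to_address.lower(), set()).add(f.peer)
    return {addr: len(ips) for addr, ips in peers.items()}


# Operator side: the probe to send to your own node from OUTSIDE the host.
PROBE = json.dumps({"jsonrpc": "2.0", "method": "eth_accounts",
                    "params": [], "id": 1})


def assess_exposure(reply: Optional[str]) -> str:
    """Interpret the body returned to PROBE; None means nothing answered."""
    if reply is None:
        return "closed"                 # port closed or firewalled
    try:
        msg = json.loads(reply)
    except json.JSONDecodeError:
        return "exposed-unknown"        # something answered, but not JSON-RPC
    if not isinstance(msg, dict):
        return "exposed-unknown"
    if "error" in msg:
        return "exposed-restricted"     # reachable, eth namespace not served
    accounts = msg.get("result")
    if isinstance(accounts, list) and accounts:
        return "exposed-with-accounts"  # anyone may try eth_sendTransaction
    return "exposed-no-accounts"


def probe_own_node(url: str, timeout: float = 3.0) -> str:
    """Network I/O: POST the probe to e.g. http://<public-ip>:8545 and classify."""
    req = urllib.request.Request(url, data=PROBE.encode(),
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess_exposure(resp.read().decode())
    except urllib.error.HTTPError:
        return "exposed-unknown"        # an HTTP error still means it is listening
    except OSError:
        return assess_exposure(None)


VICTIM = "0xaabbccddeeff00112233445566778899aabbccdd"     # constructed
DRAIN_TO = "0x1234567890abcdef1234567890abcdef12345678"   # constructed

# Constructed honeypot capture: balance check, then drain attempts from two IPs.
CAPTURED = [
    ("198.51.100.7", '{"jsonrpc":"2.0","method":"eth_getBalance",'
                     '"params":["%s","latest"],"id":1}' % VICTIM),
    ("198.51.100.7", '{"jsonrpc":"2.0","method":"eth_sendTransaction","params":'
                     '[{"from":"%s","to":"%s","value":"0xde0b6b3a7640000"}],"id":2}'
                     % (VICTIM, DRAIN_TO)),
    ("203.0.113.9", '{"jsonrpc":"2.0","method":"eth_accounts","params":[],"id":1}'),
    ("203.0.113.9", '{"jsonrpc":"2.0","method":"eth_sendTransaction","params":'
                    '[{"from":"%s","to":"%s","value":"0x2386f26fc10000"}],"id":2}'
                    % (VICTIM, DRAIN_TO)),
    ("192.0.2.50", "GET / HTTP/1.0"),
]

if __name__ == "__main__":
    found = triage(CAPTURED)
    for f in found:
        print(f)
    print("attacker wallets:", attacker_wallets(found))
    print(assess_exposure('{"jsonrpc":"2.0","id":1,"result":["%s"]}' % VICTIM))
```

Two cautions on reading the operator-side result: "closed" only means nothing answered from where you probed, so test from a host outside your own network, and "exposed-no-accounts" is still an exposed node that will be probed again the moment an account is added. The fix is in the client configuration rather than in any script: keep the RPC listener bound to the loopback address (geth's RPC address flag defaults to 127.0.0.1 for this reason), serve only the API namespaces you need, and put anything that must be reachable remotely behind an authenticated proxy or a firewall rule.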