Tech 15 June 2018

Ed Drake

Misconfigured Ethereum apps, mining rigs lose $20M to hacks

Hackers have successfully stolen as much as $20 million in ETH from misconfigured Ethereum clients, according to reports.

In a new report, China-based cybersecurity company Qihoo 360 Netlab detailed how attackers breached Ethereum-based applications and mining rigs that had been configured to expose their Remote Procedure Call (RPC) interface to the internet.

The interface in question, JSON-RPC on port 8545, exists so that third-party services and applications can talk to a node over HTTP. Left reachable from the internet, that same interface carries no authentication of its own, and it is the path the attackers used to locate funded wallets, to move ETH out of them directly and to reach other data held on the owner's node, according to the firm.

The interface is switched off by default in most Ethereum clients, and the documentation usually warns against enabling it without additional protection. Operators nonetheless routinely customise their node settings, often without the depth of knowledge the change requires, and enough of them have exposed the interface to produce this, the latest theft of ETH.
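
The misconfiguration is a handful of command-line flags, so it can be caught before the node starts. The following audit is an added example written for this page, not code from the article, from Netlab or from go-ethereum; it recognises the geth flag spellings of 2018 (--rpc, --rpcaddr, --rpcapi, --rpccorsdomain, --unlock) and the later --http.* equivalents, and every command line it is fed is assumed to be a geth invocation. The sample command lines at the bottom are constructed, one weak and one safe.

```python
"""Audit a geth command line for an internet-exposed JSON-RPC interface.

Added example for this article; not code from the article, from Netlab or
from go-ethereum. Flag names follow geth 1.8 (--rpc, --rpcaddr, --rpcapi,
--rpccorsdomain, --unlock) with the later --http.* spellings accepted as
synonyms. Command lines passed in are assumed to be geth invocations.
"""
import shlex

# RPC namespaces that let a remote caller sign, spend or reconfigure the node.
DANGEROUS_APIS = {"personal", "admin", "miner", "debug"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
DEFAULT_APIS = "eth,net,web3"     # geth's default HTTP namespaces


def parse_flags(cmdline):
    """Map '--flag value' and '--flag=value' to a dict; bare flags map to True."""
    argv = shlex.split(cmdline)
    flags = {}
    i = 1                         # argv[0] is the program name
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            if "=" in tok:
                key, val = tok[2:].split("=", 1)
                flags[key] = val
            elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                flags[tok[2:]] = argv[i + 1]
                i += 1
            else:
                flags[tok[2:]] = True
        i += 1
    return flags


def first(flags, *names, default=None):
    """Return the value of the first of several synonymous flags that is present."""
    for name in names:
        if name in flags:
            return flags[name]
    return default


def audit(cmdline):
    """Return a list of findings; an empty list means no obvious exposure."""
    f = parse_flags(cmdline)
    findings = []
    if "rpc" not in f and "http" not in f:
        return findings           # HTTP-RPC never enabled: nothing listens on 8545
    addr = str(first(f, "rpcaddr", "http.addr", default="127.0.0.1"))
    exposed = addr not in LOOPBACK
    if exposed:
        findings.append(f"HTTP-RPC bound to {addr}: reachable from the network, no authentication")
    apis = set(str(first(f, "rpcapi", "http.api", default=DEFAULT_APIS)).split(","))
    risky = sorted(apis & DANGEROUS_APIS)
    if risky:
        findings.append("privileged namespaces enabled over HTTP: " + ",".join(risky))
    if exposed and "unlock" in f:
        findings.append("accounts unlocked on an exposed node: eth_sendTransaction can spend them")
    if first(f, "rpccorsdomain", "http.corsdomain") == "*":
        findings.append("CORS wildcard: any web page the operator visits can drive the RPC")
    return findings


if __name__ == "__main__":
    # Constructed examples: the weak configuration beside a safe one.
    for cmd in ("geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,web3,personal --unlock 0 --password pw.txt",
                "geth --rpc --rpcaddr 127.0.0.1 --rpcapi eth,net,web3"):
        print(cmd, "->", audit(cmd) or ["ok"])
```

The safe shape is the second command line: RPC bound to loopback only, the default eth/net/web3 namespaces and nothing unlocked. Anything that needs remote access should go through a reverse proxy or VPN that adds authentication, because the RPC endpoint itself has none.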

The issue is far from new. The Ethereum Project has issued official guidance to those running mining rigs, warning that their funds are open to theft unless the RPC interface is adequately protected.

Despite these warnings the problem persists, and operators continue to misconfigure devices and apps without fully appreciating the risk.

Attackers have been intensifying their scanning for exposed ports: Netlab saw a surge of activity around November 2017 in scans for devices listening on port 3333.

However, with most nodes serving RPC on port 8545, Qihoo 360 Netlab has now found evidence of growing scanning aimed specifically at that weakness: “If you have a honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses…And there are quite a few IPs scanning heavily on this port now.”
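
Those honeypot payloads are plain JSON-RPC, so the intent behind each scan can be read off the method names. The triage below is an added example written for this page, not code from the article or from Netlab; its request log is constructed (documentation-range IPs, made-up addresses), while the method names and parameter shapes follow the Ethereum JSON-RPC specification.

```python
"""Triage JSON-RPC requests captured by a honeypot on TCP/8545.

Added example for this article; not code from the article or from Netlab.
The request log below is constructed (documentation-range IPs, made-up
addresses); method names and parameter shapes follow the Ethereum JSON-RPC
specification.
"""
import json
from collections import defaultdict

# Method names grouped by what they reveal about the caller's intent.
RECON = {"eth_accounts", "eth_getBalance", "eth_coinbase", "eth_blockNumber",
         "eth_syncing", "net_version", "web3_clientVersion"}
THEFT = {"eth_sendTransaction", "eth_sign", "eth_signTransaction"}
BRUTE = {"personal_unlockAccount"}

ATTACKER_SINK = "0x0000000000000000000000000000000000000bad"   # constructed
VICTIM = "0x1111111111111111111111111111111111111111"          # constructed

SAMPLE_LOG = [  # (source IP, raw request body) as a honeypot would record them
    ("198.51.100.7", '{"jsonrpc":"2.0","id":1,"method":"eth_accounts","params":[]}'),
    ("198.51.100.7", '{"jsonrpc":"2.0","id":2,"method":"eth_getBalance","params":["%s","latest"]}' % VICTIM),
    ("198.51.100.7", '{"jsonrpc":"2.0","id":3,"method":"eth_sendTransaction","params":[{"from":"%s","to":"%s","value":"0x1bc16d674ec80000"}]}' % (VICTIM, ATTACKER_SINK)),
    # A batch: one recon call, one attempt to guess the account password.
    ("203.0.113.9", '[{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]},{"jsonrpc":"2.0","id":2,"method":"personal_unlockAccount","params":["%s","123456",0]}]' % VICTIM),
    ("203.0.113.9", "GET / HTTP/1.1"),   # stray non-JSON traffic, must not crash the parser
]


def iter_calls(body):
    """Yield JSON-RPC call objects from a body; batches arrive as lists."""
    try:
        data = json.loads(body)
    except ValueError:            # JSONDecodeError is a ValueError subclass
        return
    for call in data if isinstance(data, list) else [data]:
        if isinstance(call, dict) and isinstance(call.get("method"), str):
            yield call


def triage(log):
    """Summarise each source IP: method counts plus to/from addresses of any transfer attempts."""
    per_ip = defaultdict(lambda: {"recon": 0, "theft": 0, "brute": 0, "other": 0,
                                  "sinks": set(), "victims": set()})
    for ip, body in log:
        rec = per_ip[ip]
        for call in iter_calls(body):
            method, params = call["method"], call.get("params") or []
            if method in THEFT:
                rec["theft"] += 1
                tx = params[0] if params and isinstance(params[0], dict) else {}
                if isinstance(tx.get("to"), str):
                    rec["sinks"].add(tx["to"].lower())      # where stolen ETH would go
                if isinstance(tx.get("from"), str):
                    rec["victims"].add(tx["from"].lower())  # which local account it drains
            elif method in BRUTE:
                rec["brute"] += 1
            elif method in RECON:
                rec["recon"] += 1
            else:
                rec["other"] += 1
    return dict(per_ip)


def verdict(rec):
    """Most severe behaviour seen from one IP."""
    if rec["theft"]:
        return "theft attempt"
    if rec["brute"]:
        return "credential brute force"
    if rec["recon"]:
        return "wallet reconnaissance"
    return "noise"


if __name__ == "__main__":
    for ip, rec in triage(SAMPLE_LOG).items():
        print(ip, verdict(rec), sorted(rec["sinks"]))
```

The "to" addresses collected under sinks are the wallet addresses Netlab refers to: an eth_sendTransaction request only succeeds against an unlocked account, so a sink seen across many honeypots is a good pivot for tracing where the stolen ETH ends up.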

With automated scanning and attack tools becoming ever more capable, it is up to operators and developers to make sure they do not become the next victims of this increasingly common attack.
