Misconfigured Ethereum Clients Have Resulted in Hack of Around $20 Mln
The hackers gained access to Ethereum applications that had been configured to expose a Remote Procedure Call (RPC) interface on a network port. The RPC interface allows third parties to query, interact with, and retrieve data from the Ethereum-based service, meaning anyone with access could obtain private keys, see the owner's personal information, and even transfer funds.
While most apps disable this interface by default, and even when it is switched on it is generally configured to allow access only to programs running locally, developers do not always keep this configuration and at times reconfigure their Ethereum clients without understanding the threat.
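The local-only default described above can be checked mechanically before a node is started. The following is an added example, not code from the article or from the Ethereum project: it audits a client command line for an RPC listener bound beyond loopback, assuming the go-ethereum (geth) flag names in their current and legacy spellings, which the article does not name. The `SENSITIVE` namespace list and the sample command line are constructed for illustration.

```python
import ipaddress
import shlex

# Current (--http.*) and legacy (--rpc*) geth flag spellings for the same settings.
ENABLE = ("--http", "--rpc")
ADDR = ("--http.addr", "--rpcaddr")
PORT = ("--http.port", "--rpcport")
API = ("--http.api", "--rpcapi")
SENSITIVE = {"personal", "admin", "debug", "miner"}  # assumption: treated as high-risk here
# Constructed sample: legacy flags binding the interface to every address.
SAMPLE = "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,personal"

def parse_flags(cmdline):
    """Return {flag: value}, accepting '--flag value' and '--flag=value'."""
    tokens, flags = shlex.split(cmdline), {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("--"):
            continue
        name, _, value = tok.partition("=")
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        if "=" not in tok and not nxt.startswith("-"):
            value = nxt  # space-separated value (or a subcommand after a boolean flag)
        flags[name] = value
    return flags

def pick(flags, names, default):
    return next((flags[n] for n in names if n in flags), default)

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname that cannot be classified: treat as exposed

def audit(cmdline):
    """Return findings for one command line; an empty list means off or local-only."""
    flags = parse_flags(cmdline)
    if not any(n in flags and flags[n].lower() != "false" for n in ENABLE):
        return []  # RPC interface not enabled
    addr, port = pick(flags, ADDR, "localhost"), pick(flags, PORT, "8545")
    if is_loopback(addr):
        return []  # only programs on the same machine can connect
    findings = [f"RPC listens on {addr}:{port}, reachable from other hosts"]
    risky = sorted(SENSITIVE & {a.strip() for a in pick(flags, API, "").split(",")})
    if risky:
        findings.append("sensitive namespaces exposed: " + ", ".join(risky))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
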
The Ethereum project has long known that this misconfiguration could be exploited and issued an official security advisory warning its users back in August 2015, indicating that the likelihood of an attack was low, but its potential severity was high.
According to Bleeping Computer, the Chinese cyber-security firm Qihoo 360 Netlab identified in March that one "threat actor" was running mass scans for vulnerable Ethereum software with RPC interfaces, specifically on port 8545. At the time, 360 Netlab said in a tweet that, "[so] much it's only got 3.96234 Ether [~$2000-$3000] on its accounts, but hey it is free money!"
On June 11, after reviewing the research again, the team from Netlab said that the scans for port 8545 never stopped, but actually increased as more "threat actors" joined in.
At the time of publication, neither the Ethereum team nor the co-founder Vitalik Buterin had responded to a request for comment.