About $20 mln worth of Ethereum has reportedly been stolen by a group of hackers exploiting misconfigured Ethereum clients, according to a Bleeping Computer article published June 11. The hackers were able to access applications using Ethereum software that had been configured to expose a Remote Procedure Call (RPC) interface.
The RPC interface allows third parties to query, interact with, and retrieve data from the Ethereum-based service, meaning those with access could get private keys, see the owner's personal information, and even move funds.
Most apps disable this interface by default, and even when it is turned on, it is usually configured to allow access only to apps that run locally.
Developers do not always keep this configuration and sometimes reconfigure their Ethereum clients without knowing the danger.
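The check below is an added example, not part of the original article: it audits a node's launch command for the misconfiguration described above, an RPC listener bound beyond the local host. It assumes the client is go-ethereum (geth) and uses that client's flag names and defaults; the sample command line is constructed.

```python
import ipaddress
import shlex

# Flag spellings are go-ethereum's (legacy --rpc* and current --http.*); the
# article names no client, so auditing a geth command line is an assumption.
ENABLE = ("--rpc", "--http")
ADDR = ("--rpcaddr", "--http.addr")
PORT = ("--rpcport", "--http.port")
APIS = ("--rpcapi", "--http.api")
SENSITIVE = {"personal", "admin", "debug", "miner"}  # account and node control

def parse_flags(cmdline):
    """Map each --flag to its value for '--flag value' and '--flag=value'."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name.startswith("--"):
            takes_value = name not in ENABLE and not sep
            if takes_value and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                i, value = i + 1, tokens[i + 1]
            flags[name] = value
        i += 1
    return flags

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # any other hostname is treated as exposed

def audit(cmdline):
    flags = parse_flags(cmdline)
    def pick(names, default):
        return next((flags[n] for n in names if n in flags), default)
    enabled = any(n in flags for n in ENABLE)
    addr, port = pick(ADDR, "localhost"), pick(PORT, "8545")
    apis = {a.strip() for a in pick(APIS, "eth,net,web3").split(",")}
    exposed = enabled and not is_loopback(addr)
    findings = []
    if exposed:
        findings.append(f"RPC listens on {addr}:{port}, not loopback")
    if enabled and SENSITIVE & apis:
        findings.append("sensitive APIs enabled: " + ",".join(sorted(SENSITIVE & apis)))
    return {"enabled": enabled, "exposed": exposed, "findings": findings}

# Constructed sample, not from the article: RPC on all interfaces with personal.
SAMPLE = "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,personal"
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `findings` list means the listener is either off or confined to loopback with only the default namespaces; a firewall rule on the RPC port is still worth having as a second layer.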
The Ethereum project has long known about the potential for exploiting this vulnerability and sent out an official security advisory as a warning to its users back in August 2015, indicating that the likelihood of an attack was low, but its potential severity was high.
According to Bleeping Computer, the Chinese cyber-security firm Qihoo 360 Netlab identified in March that at least one "Threat actor" was making mass-scans for exposed Ethereum software with RPC interfaces specifically on port 8545.
At the time, 360 Netlab said in a tweet that, "[so] far it has only got 3.96234 Ether on its account, but hey it is free money!".
On June 11, after reviewing the research again, the team from Netlab said that the scans for port 8545 never stopped, but actually increased as more "Threat actors" joined in.
At the time of posting, neither the Ethereum team nor co-founder Vitalik Buterin had responded to a request for comment.
Report: Misconfigured Ethereum Clients Have Resulted in Hack of Around $20 Mln
Published on Jun 13, 2018
by Cointele | Published on Coinage