Ethereum ETH Hack 14 Jun 2018
Hackers steal $20 million in Ethereum by reaching applications through Ethereum client software whose configuration exposes its Remote Procedure Call (RPC) interface.
14 June, AtoZ Markets – According to a number of online media reports, a group of hackers has stolen around $20 million worth of Ethereum using misconfigured Ethereum clients.
The hackers were able to reach applications through Ethereum software that had been configured to expose its Remote Procedure Call (RPC) interface. The RPC interface lets third parties interact with data from the Ethereum-based service. This means that anyone with access to it can obtain private keys, move funds, and see the owner’s personal data.
Most modern applications have this interface disabled by default. Moreover, even when it is turned on, it is normally configured to give access only to apps running locally. Yet developers do not always keep this configuration, and they reconfigure their Ethereum clients without considering the risks.
The Ethereum project was already aware of this vulnerability and sent out an official security advisory to its users in 2015. The project indicated that the likelihood of such attacks was low, but that the potential damage was significantly high.
As per the online reports, the Chinese cyber-security firm Qihoo 360 Netlab has claimed that at least one “threat actor” was making mass checks for exposed Ethereum software with an RPC interface on port 8545. In March, the firm stated in a tweet: “[so] far it has only got 3.96234 Ether [~$2000-$3000] on its account, but hey it is free money!”
Then, on June 11, the Netlab team stated that the checks for port 8545 had never been suspended. Instead, the scans have increased as “threat actors” joined in. As of the moment, neither Ethereum co-founder Vitalik Buterin nor the Ethereum team itself has provided any official commentary.