$20 Million Ether Hacked From Poorly Configured Ethereum Apps

2018-6-12 19:00

According to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications. Experts at the firm say the cyber-attacks target unsecured Ethereum nodes on the Internet.

Details of the Hack

On March 15, Qihoo 360 Netlab alerted the cryptocurrency community to the activities of hackers scanning the Internet for unsecured Ethereum nodes. At the time, the alleged cybercriminals had stolen 3.96 ETH.

Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more than 20 Million US dollars https://t.co/SXHrdTcb6e

— 360 Netlab (@360Netlab) June 11, 2018

However, recent findings have unearthed another hacker who has managed to steal an even more considerable amount of ether. By hijacking unsecured Ethereum wallet apps, the hacker has managed to siphon off 38,642 ETH worth about $20 million. The image below is the address of the suspected hacker:

The hack exploits the ability of Remote Procedure Call (RPC) interfaces running on port 8545 to access sensitive miner and wallet information. The RPC provides third-party access to this data via a programmatic API. If left unsecured, a hacker could gain access to miner/wallet funds. Thus, the RPC is usually disabled by default on most Ethereum-based apps.

Safeguarding Your Ether Holdings

Whether by omission or commission, some app developers — in tinkering unnecessarily with their apps — have opened up the unsecured node vulnerability. With the astronomic rise in cryptocurrency prices last year, it seems more hackers are incentivized to conduct rigorous Internet scans in search of unsecured cryptocurrency holdings.

Qihoo 360 Netlab reports that there is an increase in scans for RPC interfaces on port 8545. With the success of the $20 million heist, it is safe to assume that more cybercrooks will join the attack.

In May 2018, reports emerged of the Satori botnet targeting exposed Ethereum miners. There are numerous hacking resources available on GitHub to automate port 8545 scanning exploits. According to the Qihoo 360 Netlab team:

If you have a honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses. And quite a few IPs are scanning heavily on this port now.
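Netlab's honeypot remark can be turned into a small log triage step. The following is an added example, not code from Netlab or Bitcoinist; the log line format (`<source IP> <raw request body>`), the method watch list, and the sample IPs and addresses are constructed assumptions.

```python
import json
import re
from collections import Counter

# Account- and fund-related JSON-RPC methods to watch for (assumed list, extend as needed).
WATCHED = {"eth_accounts", "eth_sendTransaction",
           "personal_listAccounts", "personal_unlockAccount"}
ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")

def summarize(lines):
    """Return (watched calls per source IP, transfer destinations per source IP).

    Bodies may be one JSON-RPC request or a batch (JSON array). Anything that is
    not a JSON-RPC object is counted under 'invalid' instead of raising.
    """
    calls, dests = {}, {}
    for line in lines:
        src, _, body = line.partition(" ")
        counter = calls.setdefault(src, Counter())
        try:
            parsed = json.loads(body)
        except ValueError:
            counter["invalid"] += 1
            continue
        for req in parsed if isinstance(parsed, list) else [parsed]:
            if not isinstance(req, dict):
                counter["invalid"] += 1
                continue
            method = req.get("method")
            if method not in WATCHED:
                continue
            counter[method] += 1
            params = req.get("params")
            if method == "eth_sendTransaction" and isinstance(params, list) and params:
                tx = params[0]
                to = tx.get("to") if isinstance(tx, dict) else None
                if isinstance(to, str) and ADDRESS.match(to):
                    dests.setdefault(src, set()).add(to.lower())
    return calls, dests

# Constructed honeypot lines: documentation-range IPs and made-up addresses.
SAMPLE = [
    '203.0.113.7 {"jsonrpc":"2.0","id":1,"method":"eth_accounts","params":[]}',
    '203.0.113.7 {"jsonrpc":"2.0","id":2,"method":"eth_sendTransaction","params":'
    '[{"from":"0x' + "11" * 20 + '","to":"0x' + "AB" * 20 + '","value":"0x1"}]}',
    '198.51.100.9 [{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber"},'
    '{"jsonrpc":"2.0","id":2,"method":"eth_accounts"}]',
    "198.51.100.9 GET / HTTP/1.1",
]
```

Destination addresses that recur across many source IPs are the ones worth sharing with other defenders or checking on a block explorer.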

As for users of Ethereum-based apps, they are advised to check that their RPC interfaces are not left unsecured on the Internet.

Have you checked to see if your Ethereum-based apps and mining rigs are properly configured? Do you think other blockchain-based apps are vulnerable to this same attack?

Images courtesy of Shutterstock, Twitter/@360Netlab, and etherchain.org.

The post $20 Million Ether Hacked From Poorly Configured Ethereum Apps appeared first on Bitcoinist.com.
