The Chinese cybersecurity company Qihoo 360 Netlab has announced that a group of hackers stole almost $20 million worth of Ether by exploiting a vulnerability in the configuration of Ethereum clients.
The attackers targeted Ethereum client applications configured to expose their remote procedure call (RPC) interface on port 8545. The RPC interface lets third parties request data stored on services built on Ethereum and interact with them.
This means that an attacker can obtain the owner's private keys and personal information and, most importantly, transfer the owner's funds to an account of their own.
It should be noted that most client applications now disable the RPC interface automatically, and even when it is enabled, it is usually configured to allow access only to applications running locally. However, developers do not always keep this configuration and sometimes reconfigure their Ethereum clients without being aware of the potential threat.
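A defender-side check for the misconfiguration described above, added here as an example (it is not Netlab's or the Ethereum project's code): it parses Linux `ss -ltn` output and flags any listener on the geth RPC port that is bound to something other than a loopback address. The `ss` samples below are constructed, and the column layout is assumed.

```python
"""Audit `ss -ltn` output for an Ethereum JSON-RPC listener (default TCP 8545)
bound to anything other than loopback, i.e. reachable from the network.
Added example, not Netlab's or the Ethereum project's code; assumes the Linux
`ss -ltn` column layout: State Recv-Q Send-Q Local Address:Port Peer Address:Port."""
import ipaddress
import subprocess

RPC_PORT = 8545  # default geth HTTP-RPC port named in the article


def _split_local(local: str) -> tuple[str, int]:
    """Split ss's 'addr:port' into (addr, port); handles '[::]:8545' and '*:8545'."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), int(port)


def _is_loopback(addr: str) -> bool:
    """Only 127.0.0.0/8 or ::1 count as local; '*', 0.0.0.0 and :: are wildcards."""
    if addr in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def find_exposed_rpc(ss_output: str, port: int = RPC_PORT) -> list[str]:
    """Return the local addresses on which `port` listens outside loopback."""
    exposed = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening row
        addr, bound_port = _split_local(cols[3])
        if bound_port == port and not _is_loopback(addr):
            exposed.append(addr)
    return exposed


# Constructed samples standing in for real `ss -ltn` output.
SAFE_SAMPLE = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:8545     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:30303      0.0.0.0:*
"""
EXPOSED_SAMPLE = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:8545       0.0.0.0:*
LISTEN 0      128    [::]:8545          [::]:*
"""

if __name__ == "__main__":
    live = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=False).stdout
    hits = find_exposed_rpc(live)
    print("RPC exposed on: " + ", ".join(hits) if hits else "RPC not exposed on this host")
```

Run it on the node host; the p2p port 30303 is expected to be reachable, only the RPC port bound beyond loopback is the finding.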
The Ethereum team warned users about the vulnerability in August 2015, noting that although an attack was unlikely, it could lead to serious consequences.
In March of this year, Qihoo 360 Netlab found that at least one "threat source" was carrying out bulk scanning for Ethereum software, namely on TCP port 8545, which is used by the RPC interface.
"Someone is trying to get easy money by scanning port 8545 to find geth clients and steal their cryptocurrency. So far they have only been able to get 3.96234 ether, but hey, it's free money!"
It seems this warning did not alarm users much, because three months later Netlab repeated its study and reported that scanning of port 8545 had not only not stopped but had intensified. By then the hackers had managed to steal 38,642.7 Ether ($18.1 million). The Ethereum team and Vitalik Buterin have not commented on the situation.