Report: Misconfigured Ethereum Clients Have Resulted in Hack of Around $20 Mln

Published at: June 13, 2018

About $20 mln worth of Ethereum has reportedly been stolen by a group of hackers exploiting misconfigured Ethereum clients, according to a Bleeping Computer article published June 11.

The hackers were able to access applications using Ethereum software that had been configured to expose a Remote Procedure Call (RPC) interface. The RPC interface allows third parties to query, interact with, and retrieve data from the Ethereum-based service, meaning those with access could get private keys, see the owner’s personal information, and even move funds.

Most apps disable this interface by default, and even when it is turned on, it is usually configured to only allow access to apps that are run locally. However, developers do not always keep this configuration and sometimes reconfigure their Ethereum clients without knowing the danger.

The Ethereum project has long known about the potential for exploiting this vulnerability and sent out an official security advisory as a warning to its users back in August 2015, indicating that the likelihood of an attack was low, but its potential severity was high.

According to Bleeping Computer, the Chinese cyber-security firm Qihoo 360 Netlab identified in March that at least one “threat actor” was making mass-scans for exposed Ethereum software with RPC interfaces specifically on port 8545. At the time, 360 Netlab said in a tweet that, “[so] far it has only got 3.96234 Ether [~$2000-$3000] on its account, but hey it is free money!”

On June 11, after reviewing the research again, the team from Netlab said that the scans for port 8545 never stopped, but actually increased as more “threat actors” joined in. The current figure of siphoned Ether is 38,642.7 ($18.1 mln).

At the time of posting, neither the Ethereum team nor co-founder Vitalik Buterin had responded to a request for comment.
