Chinese cybersecurity company Qihoo 360 reported an attack on the Ethereum network that resulted in $20 million being stolen from misconfigured Ethereum clients. The attackers have been exploiting clients that expose their Remote Procedure Call (RPC) interface on port 8545. The news of the hack potentially served as a secondary factor contributing to the recent negative market trend of the Ethereum price.
Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more than 20 Million US dollars https://t.co/SXHrdTcb6e
— 360 Netlab (@360Netlab) June 11, 2018
The Qihoo 360 team has been tracking the loophole since March 2018. Earlier this year, the cybersecurity lab informed the public of the malicious activity. According to the company’s official Twitter account, an attacker was scanning for exposed interfaces on the default RPC port. By June the attacks had intensified, and multiple fraudulent groups were reported to have started exploiting insecurely configured Ethereum clients. Qihoo 360 identified a wallet belonging to what is presumably the most successful group, which single-handedly stole $20 million. The same security firm previously discovered security issues in the EOS platform on May 29th.
The vulnerability stems from neglect by some Ethereum node hosts. The RPC interface grants access to a programmatic API that an approved third-party service or app can use to query, interact with, or retrieve data from the original Ethereum-based service. For example, services like wallets and mining clients use the RPC functions. By default, the interface comes disabled and can be accessed only locally, on port 8545. This port is configured by default on most Ethereum clients and provides a “link” between the user’s system and the servers.
The problem of exposed RPC interfaces is not new to the crypto community. The Ethereum community sent out an official security advisory a few months after the network’s launch. The statement from the company warned users about insecurely configured clients. Some nodes in the network had the interface enabled with no firewall rules in place, opening their wallets to theft by anybody on the internet who knows the combination of wallet address and the client’s IP.
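A host-side check for the misconfiguration described above, as an added example that is not part of the original article: it parses listening-socket output in the format printed by `ss -Hltn` on Linux and reports every listener on port 8545 that is bound to anything other than loopback. The sample lines are constructed, and the function names are illustrative.

```python
import ipaddress

RPC_PORT = 8545  # default RPC port named in the article

# Constructed sample in `ss -Hltn` format (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:8545 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8545 0.0.0.0:*
LISTEN 0 128 [::1]:8545 [::]:*
LISTEN 0 128 [::]:8545 [::]:*
LISTEN 0 128 [::ffff:127.0.0.1]:8545 [::]:*
LISTEN 0 128 192.0.2.10:8545 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:8545 *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6]:port' into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any '%iface' scope suffix.
    return host.strip("[]").split("%")[0], port

def is_loopback_only(host):
    """True only when the bind address is a loopback address."""
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # unparseable address: treat as exposed
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # e.g. ::ffff:127.0.0.1
    return addr.is_loopback

def exposed_rpc_listeners(ss_output, port=RPC_PORT):
    """Return local endpoints on `port` reachable beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, local_port = split_endpoint(fields[3])
        if local_port == str(port) and not is_loopback_only(host):
            findings.append(fields[3])
    return findings

if __name__ == "__main__":
    for endpoint in exposed_rpc_listeners(SAMPLE_SS):
        print("RPC port bound beyond loopback:", endpoint)
```

A non-empty result means the RPC port is bound beyond loopback, so the host's firewall rules are the only thing left restricting access to it.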