$ 20 million in Ethereum stolen by hackers. Reason – the holes in security settings

$ 20 million in Ethereum stolen by hackers. Reason – the holes in security settings

According to a Chinese company specializing in Internet security Qihoo 360 Netlab, hackers stole $ 20 million in Ethereum because of the vulnerability in the security settings of mining farms and applications.

The company’s experts argue that the cyber attack was aimed primarily at vulnerable nodes in Ethereum.

15 Mar Netlab Qihoo 360 has issued a warning that unknown persons who are possible hackers scan the network in an attempt to find poorly protected nodes Ethereum. At the time of publication of warning to criminals to steal 3,96 ETH.

However, a recent test was able to detect another hacker who managed to steal much more money. By hacking poorly protected applications, Ethereum-wallet, he managed to take control 38.642 ETH cost of about $ 20 million. The figure below shows the address of a suspected hacker:

The hacker used the capabilities of the interfaces a remote procedure call (RPC) running on port 8545, for access to classified information miners and wallets. RPC provides third-party access to this data through a software API. If this method of control to leave unprotected, anyone will be able to access the funds of miners and wallets. Therefore, RPC is normally disabled by default for most applications based on Ethereum.

But the developers, some applications, intentionally or not, did not. And the rising prices of bitcoin has attracted a significant number of hackers in this industry who carefully check all the possibilities for hacking.

Qihoo 360 Netlab reports that the number of scans in an attempt to access the RPC interface in recent years has increased.

News tags
Let's Disqus