Slashdot Mirror
Hackers Stole Over $20 Million From Misconfigured Ethereum Clients (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545. The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service -- such as a mineror wallet application that users or companies have set up for mining or managing funds. Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner's personal details.
According to sources, Russians did this. Donald TRUMP used altcoin to funnel millions of dollars to the Kremlin to help Putin win his elections. Once all of that is done, the altcoin will be returned with "virtual interest" and funneled back into TRUMP's election so he can beat Hillary again.
We need to put a stop to this. Vote Net Neutrality. Vote Hillary.
Does anyone have the numbers- are you more likely to have money stolen from your wallet or your virtual wallet. For each $1 value in each- which is more vulnerable?
Seems to be a lot of big money heists from virtual wallets, but does that in %wise add up to more thefts per mano?
"That's the way to do it" - Punch
If that's the default open and allow on such a set of queries. Not even an API key or other requirement? Lord, that's worse than MS flaws.
Was I lied to ?
Trust was to be decentralized so this cannot happen. The transaction is on the blockchain... so just fix it. :)
And I am sure it is backed by deposit insurance.... oh wait.....
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
Being your own bank seems to work out well.
Why! Dear God! Why!
PedoPesos are TEH FUTUR!!!!!
Rpc for native clients has only been only been enabled for localhost. Someone or something has to configure it for remote access. It takes some work to make it happen
You mean writing apps on the blockchain doesn't make them magically secure? I am shocked!
Or are we still only doing this for the big players only, you fucking fraud?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
They used the money to build a cave base on the dark side of the Moon.
ae911truth org
Stolen seems like a strong word if the victims exposed an API online with calls to transfer away their balances....
I mean, seriously. Who builds that kind of access into clients? I mean, I know never to attribute to malice what can be equally well explained by stupidity, but we are talking about people smart enough to program cryptographic protocols and code here, so the stupidity excuse sounds a bit thin.
Comment removed based on user account deletion
I do hope that this was because of the clients opening it up to the outside world by accident/stupidity and not the developers leaving it open by default by accident or just assuming people would know about there being an RPC interface open to the public by default. Because if it was a dev fuckup, then there's probably a lot of vulnerable clients still out there and they're probably get sued, badly.
"Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
"Dem hackers" really means "we brought it on ourselves" by leaving the door wide open to theft. But then, that's not nearly breathless enough for bleepingcomputer or msmash. So instead they'll blame it on "bogeymen in teh intarwebbartubez", aka "hackers". All in all an utter waste of time.
I mean, you say they're worth $200 million, but I say they make a fine bread for cookies.
All of this is due to certain nations permitting Russia and North Korea to hack to their hearts' content.
-- Tigger warning: This post may contain tiggers! --
The first thing I wondered was what percentage of the currency is that.
According to this site: https://etherscan.io/stat/supp...
The total market cap of etherium is $52B so $20M is about .2%. (1/5th of 1% in case the '.' is hard to see) of all etherium in circulation.
There's about $1.6T US dollars in circulation, so as a percentage of total money in circulation that $20M etherium heist is the equivalent of a $6B USD heist.
Admittedly an odd way of looking at it but it's hard to imagine somebody making off with $6B due to something as mundane as an RPC vulnerability.
Tell me again how wonderful blockchain is and that it will solve sooo many problems......
Are (any) fiat-currency and (any) cryptocurrency really equivalent, as cryptocurrency fans claim?
For example, US Dollar and Bitcoin are really equals?
Value/validity/authorization of US dollar is provided/guaranteed by US Government (and in-turn whole US Public)!
Also, not to mention, US Dollars in any US Bank is insured by US Government!
What authorization/guarantee/insurance is behind Bitcoin? Nothing!
Sorry but that is the end of discussion then!
Why do you think Satoshi Nakamoto is really hiding his identity, if Bitcoin is really such a great innovation?
He is just someone does not like media/fan attention?
Or, could it be really because Bitcoin (and all cryptocurrencies followed it) are actually Ponzi Schemes?
(So he knew very well that law enforcement would come after him sooner or later?!)
If so-called cryptocurrencies are really good innovation, why they attract so many criminals/criminal activity?
Could it really be because, all cryptocurrencies themselves are scams, and that is why they attract all kinds of criminals/criminal activity?
If so-called cryptocurrencies are really currency, why no company/store can use Bitcoin as currency anymore?
Because the price of Bitcoin proved to be extremely unstable to use as a currency?
Would the result be different, if Bitcoin replaced by any other "cryptocurrency"?
Aren't all work the same way?
If so-called cryptocurrencies are really money; isn't people issuing their own money, illegal already, in all countries?
If so then, why they are still not banned in all countries?
Or, they are not actually virtual currency but virtual investment?
But, if they are actually investment, why we need/want them?
What would happen to world economy, if people invested in virtual investments, instead of real investments?
Or, all so-called cryptocurrencies are actually just a modified (made decentralized and paying variable interest) Ponzi Schemes?
(Price of cryptocurrencies would keep increasing in the long term (by their design), so it is equivalent of paying variable interest to all long term investors.)
Also, since all so-called cryptocurrencies are actually financial scams (Ponzi Schemes), that means, they cannot be the solution for any of existing financial problems of our world!
As more and more people invest in cryptocurrencies, it will become harder and harder to ban their trading everywhere (because people invested in cryptocurrencies, would try to stop anyone trying to ban cryptocurrencies)!
All cryptocurrencies need to be banned globally before it is too late!
The russians don't care about progressives or whatever they want polarizing extreme views out in public so we can become an unstable shithole like where you live.