Slashdot Mirror


Hackers Stole Over $20 Million From Misconfigured Ethereum Clients (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545. The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service -- such as a miner or wallet application that users or companies have set up for mining or managing funds. Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner's personal details.
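A configuration check for the exposure described above, as an added example that is not part of the article or the Slashdot post. It assumes the client is go-ethereum (geth), which the page does not name, and audits a launch command line for an RPC listener bound beyond loopback; the sample command lines are constructed.

```python
import ipaddress
import shlex

# Assumption: geth flag names (legacy --rpc* and current --http*); the page names no client.
ENABLE = {"rpc", "http"}
ADDR = ("rpcaddr", "http.addr")
PORT = ("rpcport", "http.port")
API = ("rpcapi", "http.api")
SENSITIVE_APIS = {"personal", "admin"}  # account management and node control


def parse_flags(cmdline):
    """Return {flag: value} for '--flag value' and '--flag=value' forms."""
    flags, tokens, i = {}, shlex.split(cmdline), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, _, value = tok.lstrip("-").partition("=")
            # A following token that is not itself a flag is this flag's value.
            if "=" not in tok and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                value = tokens[i + 1]
                i += 1
            flags[name] = value
        i += 1
    return flags


def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unknown hostname or empty value: treat as exposed


def audit(cmdline):
    """List findings for one client command line; empty list means no exposure found."""
    flags = parse_flags(cmdline)
    if not ENABLE & flags.keys():
        return []  # HTTP RPC server not enabled
    addr = next((flags[f] for f in ADDR if f in flags), "localhost")  # geth default
    port = next((flags[f] for f in PORT if f in flags), "8545")       # geth default
    apis = next((flags[f] for f in API if f in flags), "")
    if is_loopback(addr):
        return []
    findings = [f"RPC bound to {addr}:{port}, reachable beyond this host"]
    risky = SENSITIVE_APIS & {a.strip() for a in apis.split(",")}
    if risky:
        findings.append("sensitive APIs exposed: " + ",".join(sorted(risky)))
    return findings
```

Run `audit()` over the command lines from service unit files or process listings on hosts you operate; an empty result only covers the flags checked here, not a firewall or reverse proxy in front of the node.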


  1. Percentage of currency by belthize · Score: 4, Interesting

    The first thing I wondered was what percentage of the currency is that.

    According to this site: https://etherscan.io/stat/supp...

    The total market cap of Ethereum is $52B so $20M is about .2% (1/5th of 1% in case the '.' is hard to see) of all Ethereum in circulation.

    There's about $1.6T US dollars in circulation, so as a percentage of total money in circulation that $20M Ethereum heist is the equivalent of a $6B USD heist.

    Admittedly an odd way of looking at it but it's hard to imagine somebody making off with $6B due to something as mundane as an RPC vulnerability.