Hackers Stole Over $20 Million From Misconfigured Ethereum Clients (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545. The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service -- such as a miner or wallet application that users or companies have set up for mining or managing funds. Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner's personal details.
Was I lied to ?
Trust was to be decentralized so this cannot happen. The transaction is on the blockchain... so just fix it. :)
And I am sure it is backed by deposit insurance.... oh wait.....
5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
Being your own bank seems to work out well.
RPC for native clients has only been enabled for localhost. Someone or something has to configure it for remote access. It takes some work to make it happen
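The summary describes nodes that expose their JSON-RPC interface on port 8545, and the comment above notes that a node must be explicitly configured to listen beyond localhost. The following audit script is an added example, not code from the article or from the Ethereum project; it assumes geth's legacy HTTP-RPC flags (--rpc, --rpcaddr, --rpcport, --rpcapi) with their defaults of localhost, 8545 and "eth,net,web3", and treats the account- and node-management namespaces as sensitive.

```python
"""Flag a geth-style launch command line whose JSON-RPC API is reachable off-host.

Added example. Assumes geth's legacy --rpc* flags and defaults (localhost,
port 8545, namespaces eth,net,web3); the sensitive-namespace list is an assumption.
"""
import ipaddress
import shlex

DEFAULT_RPC_PORT = 8545
# Namespaces that manage accounts or the node itself; should never face the Internet.
SENSITIVE_APIS = {"personal", "admin", "miner", "debug"}


def parse_flags(cmdline):
    """Map '--flag value' and '--flag=value' to {flag: value}; bare flags map to True."""
    argv, flags, i = shlex.split(cmdline), {}, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            if "=" in tok:
                key, val = tok[2:].split("=", 1)
                flags[key] = val
            elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                flags[tok[2:]] = argv[i + 1]
                i += 1
            else:
                flags[tok[2:]] = True
        i += 1
    return flags


def is_loopback(addr):
    """True for 'localhost' or any IPv4/IPv6 loopback literal."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def audit_rpc(cmdline):
    """Return a list of findings; an empty list means nothing to report."""
    flags = parse_flags(cmdline)
    if "rpc" not in flags:
        return []  # HTTP-RPC not enabled: nothing listens on 8545
    addr = flags.get("rpcaddr", "localhost")
    port = int(flags.get("rpcport", DEFAULT_RPC_PORT))
    apis = set(str(flags.get("rpcapi", "eth,net,web3")).split(","))
    findings, exposed = [], sorted(apis & SENSITIVE_APIS)
    if not is_loopback(addr):
        findings.append(f"HTTP-RPC bound to {addr}:{port}, reachable beyond this host")
    if exposed:
        where = "remotely" if not is_loopback(addr) else "on loopback"
        findings.append(f"sensitive API namespaces exposed {where}: {','.join(exposed)}")
    return findings


# Constructed sample command lines, not taken from any real incident.
SAFE = "geth --rpc --rpcaddr 127.0.0.1 --rpcapi eth,net,web3"
RISKY = "geth --rpc --rpcaddr 0.0.0.0 --rpcport=8545 --rpcapi eth,net,web3,personal,miner"

if __name__ == "__main__":
    for line in (SAFE, RISKY):
        print(line, "->", audit_rpc(line) or ["ok"])
```

Run it against the command lines of your own node processes (for example from `ps`), or adapt the parser to whatever config format your deployment uses.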
Stolen seems like a strong word if the victims exposed an API online with calls to transfer away their balances....
The first thing I wondered was what percentage of the currency is that.
According to this site: https://etherscan.io/stat/supp...
The total market cap of Ethereum is $52B so $20M is about .2%. (1/5th of 1% in case the '.' is hard to see) of all Ethereum in circulation.
There's about $1.6T US dollars in circulation, so as a percentage of total money in circulation that $20M Ethereum heist is the equivalent of a $6B USD heist.
Admittedly an odd way of looking at it but it's hard to imagine somebody making off with $6B due to something as mundane as an RPC vulnerability.