Hackers Scoop $20 Million in ETH From Exposed Ethereum Nodes


Hackers Scoop $20 Million in ETH From Exposed Ethereum Nodes

The first half of June has seen a series of high profile attacks rock the cryptocurrency ecosystem, with the recent South Korean exchange Coinrail hacked to the tune of around $40 million and ZenCash targeted by a successful 51% attack.

Ethical Hacker Exposes Vulnerabilities in EOS Code
Related: Ethical Hacker Exposes Vulnerabilities in EOS Code

One of the most successful hacks of 2018, however, didn’t occur with a bang, but with a whisper — the discrete siphoning of over $20 million in ETH from poorly-configured Ethereum nodes.

Hackers have succeeded in stealing over $20 million by hijacking insecure Ethereum nodes — an issue that was highlighted in March this year by Chinese security giant Qihoo 360, who notably raised concerns recently regarding the security of the soon-to-launch EOS blockchain.

Insecure Geth Clients Lose Out

Qihoo 360 attempted to alert the Ethereum community several months ago, warning users of the Geth Ethereum client that malicious parties were scanning port 8545 — the default listening port for the client. However, at the time of the report, hackers had only captured a little under 4 ETH for their effort, resulting in these warnings being largely ignored by the Ethereum community.

Fast forward a few months and a new tweet from Qihoo 360 reveals that the hackers never stopped, having currently captured a massive 38642.6 ETH haul — worth over $18 million at the time of this report.

The wallet associated with the hackers, to which all of the siphoned ETH has been sent, has received roughly 5,000 transactions to date, with an average transaction amount of around 7 ETH. This entire haul was accumulated simply by scanning the internet for Geth users that left their JSON-RPC port 8545 open to the world and hijacking their wallets.

READ  South Korea's Aurora Chain Aims for 2000 TPS In Competition with Ethereum
Hacker wallet data via Etherscan

Almost three years ago, the Ethereum project issued a security alert regarding the high risk associated with insecurely configured Ethereum clients with no firewall, specifically mentioning the built-in security placed on the JSON-RPC interface.

Despite the fact port security is a critical element of overall node security, many node operators have taken to social media over the last two years to announce the loss of their capital.

According to 360, scanning attempts on port 8545 have now increased dramatically as a result, with copycat hackers moving in on weak targets.

Ethereum, currently ranked #2 by market cap, is down 3.74% over the past 24 hours. ETH has a market cap of $47.59B with a 24 hour volume of $2.1B.

Chart by CryptoCompare

Ethereum is down 3.74% over the past 24 hours.

Cover Photo by neONBRAND on Unsplash

Disclaimer: Our writers’ opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.

Did you like this article? Join us.

Get blockchain news and crypto insights.

Join Us on Telegram

Sam Town Author

Sam Town

Samuel is a freelance journalist, digital nomad, and crypto enthusiast based out of Bangkok, Thailand. As an avid observer of the rapidly evolving blockchain ecosystem he specializes in the FinTech sector, and when not writing explores the technological landscape of Southeast Asia.

View author profile

Follow the latest projects added to the ICO Database

We’re tracking 1091 projects from all around the globe.





READ SOURCE

LEAVE A REPLY

Please enter your comment!
Please enter your name here