Ethereum RPC interface hack - logo of Qihoo 360

20 Million Dollars Hacked From Misconfigured Ethereum Applications

Chinese cyber-security firm Qihoo 360 Netlab released a statement today where they claimed that a group of criminals had stolen over 20 million dollars worth of Ethereum cryptocurrency from ETH-based applications and also from mining rigs. They believe that the reasons behind the hacks are poorly designed Ethereum apps. In this particular case, poorly designed means these applications were configured to expose Remote Procedure Call interface on port 8545.

What Remote Procedure Call interface does it they provide 3rd party access to data via programmable Application programming interface (API). If coders leave this unsecured, a hacker can find his way to miners or wallets funds and simply steal it. This is why RPC is by default disabled in most ETH client applications.

For days now, Qihoo 360 has been reporting that there has been an increase in scans for Remote Procedure Call interface on ports 8545. And now when the news about the 20 million dollar heist is out, it is expected that the casual copycat cybercriminals will join the hacking spree.

Similar Posts