20 Million Dollars Hacked From Misconfigured Ethereum Applications
Chinese cyber-security firm Qihoo 360 Netlab released a statement today where they claimed that a group of criminals had stolen over 20 million dollars worth of Ethereum cryptocurrency from ETH-based applications and also from mining rigs. They believe that the reasons behind the hacks are poorly designed Ethereum apps. In this particular case, poorly designed means these applications were configured to expose Remote Procedure Call interface on port 8545.
Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more then 20 Million US dollars https://t.co/SXHrdTcb6e
— 360 Netlab (@360Netlab) June 11, 2018
What Remote Procedure Call interface does it they provide 3rd party access to data via programmable Application programming interface (API). If coders leave this unsecured, a hacker can find his way to miners or wallets funds and simply steal it. This is why RPC is by default disabled in most ETH client applications.
For days now, Qihoo 360 has been reporting that there has been an increase in scans for Remote Procedure Call interface on ports 8545. And now when the news about the 20 million dollar heist is out, it is expected that the casual copycat cybercriminals will join the hacking spree.