More than 38 thousand ethers stolen through an Ethereum client security breach

in #bitcoin, 7 years ago

An Ethereum address holds a little more than 20 million dollars obtained over the last months through attacks by hackers who have targeted several nodes of this blockchain network. Those nodes present a vulnerability that had already been described on other occasions.

The address in question was flagged by the security firm Qihoo360 Netlab, which last March had announced that a group of cybercriminals was scanning the Internet for nodes of Ethereum's geth command-line client that were not secure enough. On that occasion, 3.96 ethers had already been stolen. Yesterday, June 11, they stated that this figure could rise to 38,642 ethers.

Someone tries to make quick money by scanning port 8545, looking for clients and stealing their cryptocurrency, good thing by default only listens on local 8545 port. So far it has only got 3.96234 Ether on its account, but hey it is free money! pic.twitter.com/YVSWlMtYGa

  • 360 Netlab (@360Netlab) March 15, 2018
    "Someone is trying to make quick money by scanning port 8545 in search of geth clients and stealing their cryptocurrencies ..." the firm said at the time.

Now, as announced in a similar way on their Twitter account, they have detected another group of hackers who had already seized 38,642 ethers, valued at $20.4 million at the time of writing this note. The security breach lies in nodes that opened their JSON-RPC port 8545 to the Internet. JSON-RPC is a remote connection protocol whose interface (API) lets users access the Ethereum blockchain and use its various features; once exposed, it allows a third party to perform transactions, request private keys or obtain some details of digital identity.

Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more than 20 Million US dollars https://t.co/SXHrdTcb6e

  • 360 Netlab (@360Netlab) June 11, 2018
    "Remember this old post," they said, referring to the initial tweet sent in March. "Guess how much they have in their wallets: $20,526,348.76. Yes, you read that right, more than 20 million dollars," they said yesterday.

The wallet in question can be looked up through the various blockchain explorers for Ethereum. Likewise, a search for it in Internet search engines turns up several reports of theft involving this address, such as one dating back to August of last year.

Ethereum had already warned of the vulnerability of the JSON-RPC port three years ago, noting that using this remote access interface without a firewall allows a third party to steal funds from the wallet just by knowing its address plus the IP address from which the user connects:

We have noticed that some individuals have seen their security compromised through a breach of the JSON-RPC interface. The RPC interface allows you to send transactions from any previously unlocked account and it stays that way for the rest of the session.

By default, RPC is disabled, and enabling it implies that it is only accessible from the same host where the Ethereum client is running. By opening the RPC to access by anyone from the Internet without complying with the firewall rules, the wallet is exposed to theft by anyone who knows the address of the wallet and the IP connection address.
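An added example, not from the original post or from the Ethereum project: a Python audit of a geth launch command that flags the exposure described above (RPC enabled on a non-loopback address, with an account unlocked). The sample command lines are constructed and the set of API namespaces treated as sensitive is an assumption; the flags are geth's `--rpc*` options of that period and their later `--http*` equivalents.

```python
import ipaddress
import shlex

ENABLE = {"--rpc", "--http"}           # switch the HTTP JSON-RPC server on
ADDR = {"--rpcaddr", "--http.addr"}    # bind address (loopback when absent)
APIS = {"--rpcapi", "--http.api"}      # namespaces offered over RPC
# Assumption: namespaces that let a caller manage accounts or the node itself.
SENSITIVE_APIS = {"personal", "admin", "debug", "miner"}

def parse_flags(cmdline):
    """Return {flag: value} for a geth command line ('--f v' and '--f=v')."""
    flags, tokens = {}, shlex.split(cmdline)
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        name, sep, value = tok.partition("=")
        name = "--" + name.lstrip("-")  # geth accepts -flag and --flag
        if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value = tokens[i + 1]
        flags[name] = value
    return flags

def audit(cmdline):
    """List findings for one launch command; an empty list means none found."""
    flags = parse_flags(cmdline)
    if not ENABLE & flags.keys():
        return []  # RPC is disabled by default
    findings = []
    addr = next((flags[f] for f in ADDR if f in flags), "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        loopback = addr == "localhost"
    if not loopback:
        findings.append(f"RPC bound to non-loopback address {addr}")
    apis = set(next((flags[f] for f in APIS if f in flags), "").split(","))
    risky = sorted(apis & SENSITIVE_APIS)
    if risky:
        findings.append("sensitive API namespaces enabled: " + ",".join(risky))
    if "--unlock" in flags and not loopback:
        findings.append("unlocked account reachable from the network")
    return findings

SAMPLES = [  # constructed command lines, not taken from any real node
    "geth --syncmode fast",
    "geth --rpc --rpcapi eth,net,web3",
    "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,personal --unlock 0",
    "geth --http --http.addr=192.0.2.10 --http.api eth,web3",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", audit(cmd) or "no exposure found")
```

A clean result only covers the launch flags; a firewall rule limiting port 8545 to known source addresses is still needed whenever the RPC has to listen beyond loopback.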

This case is a long way from those smart contracts that are blocked or stolen because of technical failures, which has generated a debate about their reversibility. Rather, one might ask whether it would be possible to establish a mechanism that lets the wallet recognize and admit only one IP address from which the user will connect, or whether there could be some extra security configuration that makes access to it impossible for unauthorized third parties.

It will be left to the developers to determine whether this can be done by updating the protocol, although it is the sole responsibility of users not to expose their connection data and to use a firewall when remotely connecting to blockchain addresses. Meanwhile, many could use this situation as an argument to fear cryptocurrencies or blockchain technology and not adopt them, on the grounds that they are insecure.
