Hackers reportedly plunder $20 million USD from insecure Ethereum nodes

Chinese security agency Qihoo 360 flagged concerns surrounding EOS’ blockchain earlier this year – and now the agency has warned that hackers may have made off with approximately $20 million USD in Ether as the result of theft from insecure network nodes.

Three years ago, Ethereum developers issued a security alert diagnosing a vulnerability within incorrectly configured Ethereum clients – specifically highlighting security placed on its JSON-RPC interface.

Earlier this year, the Qihoo 360 first warned users that malicious parties had begun scanning the same JSON-PRC port – 8545 – of the Geth Ethereum client in an attempt to plunder profits. At the time of the tweet, hackers had managed to make off with 3.96234 ETH.

Unfortunately, many node operators remained oblivious to the warnings – and now a wallet address associated with the same group bears a total of 38,642 ETH. The same wallet address shows an average transaction amount of as much as 7 ETH.

As Qihoo 360 notes, the theft has been achieved by simply scanning Ethereum nodes that had left JSON-RPC port 8545 open.

According to the Chinese security agency, copycat hackers have since similarly targeted network nodes using the same approach – effectively giving a three-year-old issue a new lease on life.

As the Ethereum community noted then, node operators have been urged to only run the default settings for each client they maintain.

Ethereum is down -1.70% day-on-day, and presently trades at $487.83 USD.

Related Articles

How is Bitcoin regulated in the United States?

Bitcoin regulation is an ever-evolving topic, especially in the United States where national legislation is impacted by individual states.

BlockFi financial leaks shows $1.2 billion FTX links

Financial information accidentally leaked in a presentation shows that BlockFi's financial ties to FTX were much higher than previously...

Genesis slapped with lawsuits amidst bankruptcy proceedings

Class action lawsuits have been filed against crypto lending platform Genesis as the firm deals with bankruptcy filings.

New crypto regulation in Japan will allow stablecoins

Amendments to the Payments Service Act of 2022 will lift the ban on foreign stablecoins in Japan from no later than June 2023.

See All