Chinese security agency Qihoo 360 flagged concerns surrounding EOS’ blockchain earlier this year – and now the agency has warned that hackers may have made off with approximately $20 million USD in Ether as the result of theft from insecure network nodes.
Three years ago, Ethereum developers issued a security alert describing a vulnerability in incorrectly configured Ethereum clients – specifically concerning how access to the JSON-RPC interface is secured.
Earlier this year, Qihoo 360 first warned users that malicious parties had begun scanning the same JSON-RPC port – 8545 – of the Geth Ethereum client in an attempt to plunder profits. At the time of the tweet, hackers had managed to make off with 3.96234 ETH.
Someone tries to make quick money by scanning port 8545, looking for geth clients and stealing their cryptocurrency, good thing geth by default only listens on local 8545 port. So far it has only got 3.96234 Ether on its account, but hey it is free money! pic.twitter.com/YVSWlMtYGa
— 360 Netlab (@360Netlab) March 15, 2018
Unfortunately, many node operators remained oblivious to the warnings – and now a wallet address associated with the same group bears a total of 38,642 ETH. The same wallet address shows an average transaction amount of as much as 7 ETH.
Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more than 20 Million US dollars https://t.co/SXHrdTcb6e
— 360 Netlab (@360Netlab) June 11, 2018
As Qihoo 360 notes, the theft has been achieved by simply scanning Ethereum nodes that had left JSON-RPC port 8545 open.
According to the Chinese security agency, copycat hackers have since similarly targeted network nodes using the same approach – effectively giving a three-year-old issue a new lease on life.
As the Ethereum community noted then, node operators have been urged to only run the default settings for each client they maintain.
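One way an operator could audit their own geth launch commands for the exposure described above, as an added example that is not from the original article or from Qihoo 360. It reports when the JSON-RPC server is enabled on a non-loopback address; the finding labels, the choice of `personal` and `admin` as sensitive namespaces, and the sample command lines are assumptions made for illustration.

```python
import ipaddress
import shlex

# Legacy (2018-era) and current geth flag names for the HTTP JSON-RPC server.
ENABLE = {"--rpc", "--http"}
ADDR = {"--rpcaddr", "--http.addr"}
PORT = {"--rpcport", "--http.port"}
API = {"--rpcapi", "--http.api"}
TAKES_VALUE = ADDR | PORT | API | {"--unlock"}
SENSITIVE_APIS = {"personal", "admin"}  # assumed: account and node management

def parse_flags(cmdline):
    """Map each flag in a geth command line to its value ('' for switches)."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name.startswith("-"):
            name = "--" + name.lstrip("-")  # geth accepts -flag and --flag
            if not sep and name in TAKES_VALUE and i + 1 < len(tokens):
                i, value = i + 1, tokens[i + 1]
            flags[name] = value
        i += 1
    return flags

def audit(cmdline):
    """Return findings for one geth command line; [] means no exposure found."""
    flags = parse_flags(cmdline)
    pick = lambda names, default: next((flags[n] for n in names if n in flags), default)
    if not ENABLE & flags.keys():
        return []  # HTTP JSON-RPC server is off
    addr, port = pick(ADDR, "localhost"), pick(PORT, "8545")  # geth defaults
    try:
        local = addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        local = False  # unknown hostname: treat as exposed until verified
    if local:
        return []
    findings = [f"rpc-exposed:{addr}:{port}"]
    apis = {a.strip() for a in pick(API, "").split(",")}
    findings += [f"sensitive-api:{a}" for a in sorted(apis & SENSITIVE_APIS)]
    if "--unlock" in flags:
        findings.append("account-unlocked")
    return findings

# Constructed sample command lines, as they might appear in a process listing.
SAMPLES = ["geth --rpc", "geth --http --http.addr=127.0.0.1 --http.api eth,web3",
           "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,personal --unlock 0"]
for s in SAMPLES:
    print(audit(s) or "ok", "<-", s)
```

A command line that comes back with no findings either leaves the RPC server off or keeps it on the loopback interface, which is the default configuration the article says operators were urged to keep.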
Ethereum is down -1.70% day-on-day, and presently trades at $487.83 USD.