According to a ZDNet report, bad default configurations in popular Ethereum software are leaving users' wallets wide open to exploitation, and hackers are taking advantage of it. The misconfiguration exposes the standard JSON-RPC interface commonly found in Ethereum software to the internet, which allows attackers to easily scan for vulnerable clients and issue commands, such as wallet transfers. ZDnet claims that scans for the vulnerable port ramped up at least a week ago. While the value of Ethereum has plunged to less than 10% of what it was worth in January, according to CoinMarketCap, all the ETH in circulation is still worth over $9 billion USD. Thanks to Schtask for the tip. However, the problem with port 8545 isn't new. Back in August 2015, the Ethereum team sent out a security advisory to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface over the Internet, recommending that users take precautions by either adding a password on the interface, or using a firewall to filter incoming traffic for port 8545. Many mining rig vendors and wallet app makers have taken precautions to limit port 8545 exposure, or have removed the JSON-RPC interface altogether. Unfortunately, this wasn't an industry-concerted effort, and many devices are still exposed online. But despite warnings from the Ethereum team, many users have failed to check Ethereum clients about this issue. EDIT: 360 Netlab claims that over $20 Million in Ethereum has been stolen already.