Bad Default Configurations Leave Ethereum Wallets Exposed

Discussion in 'HardForum Tech News' started by AlphaAtlas, Dec 11, 2018.

  1. AlphaAtlas

    AlphaAtlas [H]ard|Gawd Staff Member

    Messages:
    1,713
    Joined:
    Mar 3, 2018
    According to a ZDNet report, bad default configurations in popular Ethereum software are leaving users' wallets wide open to exploitation, and hackers are taking advantage of it. The misconfiguration exposes the standard JSON-RPC interface commonly found in Ethereum software to the internet, which allows attackers to easily scan for vulnerable clients and issue commands, such as wallet transfers. ZDnet claims that scans for the vulnerable port ramped up at least a week ago. While the value of Ethereum has plunged to less than 10% of what it was worth in January, according to CoinMarketCap, all the ETH in circulation is still worth over $9 billion USD. Thanks to Schtask for the tip.


    However, the problem with port 8545 isn't new. Back in August 2015, the Ethereum team sent out a security advisory to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface over the Internet, recommending that users take precautions by either adding a password on the interface, or using a firewall to filter incoming traffic for port 8545. Many mining rig vendors and wallet app makers have taken precautions to limit port 8545 exposure, or have removed the JSON-RPC interface altogether. Unfortunately, this wasn't an industry-concerted effort, and many devices are still exposed online. But despite warnings from the Ethereum team, many users have failed to check Ethereum clients about this issue.

    EDIT: 360 Netlab claims that over $20 Million in Ethereum has been stolen already.
     
    Last edited: Dec 11, 2018
  2. Nukester

    Nukester [H]ard|Gawd

    Messages:
    1,429
    Joined:
    Mar 21, 2016
  3. BSmith

    BSmith [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Nov 9, 2017
    Hehe,...good.
     
    griff30 likes this.
  4. WhoMe

    WhoMe Gawd

    Messages:
    827
    Joined:
    Jan 3, 2018
    But I thought block-chain was going to solve all problems and make things like this impossible as well as giving everyone two cars and a chicken in every pot.
     
    griff30 and thenapalm like this.
  5. griff30

    griff30 I Lower the Boom!

    Messages:
    5,385
    Joined:
    Jul 15, 2000
    Wait for it....
    The Block-Chain Evangelists will get on here any minute to indoctrinate us on how secure and safe it is and how everything is better with crypto Fiat.
     
    WhoMe likes this.
  6. Joust

    Joust 2[H]4U

    Messages:
    2,882
    Joined:
    Nov 30, 2017
    Everything is better with cryp....ah, nevermind.
     
    griff30 likes this.
  7. Imhotep

    Imhotep Gawd

    Messages:
    777
    Joined:
    Feb 12, 2014
    There is no need for a wallet while using eth. Its as simple as that... You guys should stop posting things about crypto. You have no clue...:D
     
  8. meme

    meme Limp Gawd

    Messages:
    239
    Joined:
    Jul 15, 2004
    Blockchains exist to facilitate crimes, so this is exactly what should be expected.
     
    griff30 likes this.