Bad Default Configurations Leave Ethereum Wallets Exposed

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
According to a ZDNet report, bad default configurations in popular Ethereum software are leaving users' wallets wide open to exploitation, and hackers are taking advantage of it. The misconfiguration exposes the standard JSON-RPC interface commonly found in Ethereum software to the internet, which allows attackers to easily scan for vulnerable clients and issue commands, such as wallet transfers. ZDnet claims that scans for the vulnerable port ramped up at least a week ago. While the value of Ethereum has plunged to less than 10% of what it was worth in January, according to CoinMarketCap, all the ETH in circulation is still worth over $9 billion USD. Thanks to Schtask for the tip.


However, the problem with port 8545 isn't new. Back in August 2015, the Ethereum team sent out a security advisory to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface over the Internet, recommending that users take precautions by either adding a password on the interface, or using a firewall to filter incoming traffic for port 8545. Many mining rig vendors and wallet app makers have taken precautions to limit port 8545 exposure, or have removed the JSON-RPC interface altogether. Unfortunately, this wasn't an industry-concerted effort, and many devices are still exposed online. But despite warnings from the Ethereum team, many users have failed to check Ethereum clients about this issue.

EDIT: 360 Netlab claims that over $20 Million in Ethereum has been stolen already.
 
Last edited:
But I thought block-chain was going to solve all problems and make things like this impossible as well as giving everyone two cars and a chicken in every pot.
 
But I thought block-chain was going to solve all problems and make things like this impossible as well as giving everyone two cars and a chicken in every pot.
Wait for it....
The Block-Chain Evangelists will get on here any minute to indoctrinate us on how secure and safe it is and how everything is better with crypto Fiat.
 
  • Like
Reactions: WhoMe
like this
There is no need for a wallet while using eth. Its as simple as that... You guys should stop posting things about crypto. You have no clue...:D
 
Blockchains exist to facilitate crimes, so this is exactly what should be expected.
 
Back
Top