
Misfortunate Misconfiguration = Fortune!

FrgMstr

Researchers from Chinese Cyber Security Firm 360 Netlab have discovered that over $20 million dollars worth of Ethereum has been stolen from users with misconfigured Ethereum applications since March of this year. Just to add a little flavor to the conversation, there were only 3.96 Ethereum in the attacker's wallet back then, worth around $2K to $3K (USD).

The misconfiguration in question regards leaving the Remote Procedure Call (RPC) interface open on port 8545. If you mine Ethereum and are thinking "Hey! Ethereum Project warned against leaving that port exposed a long time ago!" then CONGRATULATIONS! You win a cookie! If not, you should probably drop what you are doing and go ahead and un-misconfigure your misconfigured configuration.


You can behold the glory of misconfigured misfortune here. Thanks to SCHTASK for the writeup!
 
Really confused. Who is just wandering around with ports open by default on their router intentionally port forwarded to the machine?
 
Well, you don't need to have ports forwarded at the router to access internal ports. Just need Windows (mis)configured to direct traffic pointed to/from [unprotectedport] from/to 8545. ;)
 