Ethereum Hacks have increased significantly in the Last one Week

According to a report by ZDNet on Dec. 10, hackers have set off a massive campaign on Internet-exposed Ethereum wallets and mining equipment.

The co-Founder of Bad Packets LLC, Troy Mursch told that the campaign has been taking place since December 3.

Attackers are in search for devices with the port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. The JSON-RPC interface is programmatic API which apps and services use for the query for mining and funds-related information.

Although this interface should only be exposed locally, some wallet apps have enabled it on all interfaces. Once enabled, this requires a user to set a password.

Attackers can use this information to send commands to move funds from one wallet to another using this interface.

This issue has been addressed in August 2015, where the Ethereum team told all Ethereum users about the dangers of using mining equipment over this API interface, recommending them to either set a password or use a firewall to filter incoming traffic for port 8545.

Many have taken measures to limit or completely remove the interface. Unfortunately, there are still many users whose devices are still exposed online.

Massive scans targeting 8545 port have been identified in November 2017, January 2018, May 2018, and June 2018.

One piece of information about the scans is that all of them occurred during Ethereum’s price surge.

But over the past week, as we all know, Ethereum’s price has been drastically falling, and the scans have reappeared again.

Mursch told ZDNet in an interview:

“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.”

According to a chart Mursch shared with ZDNet, the scan activity tripled, when compared to last month:

Image: Troy Mursch
Image: ZeroBS

A Shodan search shows that nearly 4700 devices are still exposing their port 8545.

There are also free tools available to exploit and automate scans on Ethereum clients via port 8545.

This is indeed a warning to all miners using the port 8545 to remove the port so as to prevent further attacks. It is times like these a Theft Insurance should be in place.


About Bank Of Hodlers

Bank of Hodlers is building a customer-centric bank on the blockchain, by providing financial services which include loans and payments backed by your digital assets.

We are organizing a Bounty Program where you can earn up to 1700 BOH tokens (which will be equal to $340 at the time of our sale) by completing the most simplest of actions. The total allocation for the bounty is $1 million. Participate now and help us create an ecosystem where people will be able to bank on their digital assets.


crypto blog

Want to share your thoughts on this?

Up ↑

%d bloggers like this: