Over $20m of ETH Stolen After Hackers Exploit Insecure Ethereum Clients

Avi Rosten

Security researchers at Chinese cyber-security company Qihoo’s 360 netlab have noticed what appears to be a massive theft of Ether - worth over $20m at the time of writing.

As reported by The Hacker News, researchers from the lab pointed out in March a very small theft of just under 4 ETH by a group of cybercriminals who were scanning the internet to find insecure Ethereum nodes running the Geth client.

Yesterday, however, 360 netlab tweeted that a far more substantial theft seems to have taken place - with the criminals responsible exploiting the same flaw to steal 38,642 ETH - worth $20,480,000 according to CryptoCompare.

Geth is a client for running an Ethereum node on the network - similar to the way in which an internet browser such as Chrome gives you access to the internet.

Victims of the theft were those that insecurely enabled an interface called JSON-RPC on Geth - an interface which allows users to remotely access the Ethereum blockchain, and send transactions from any account which has been unlocked before sending a transaction.

The security vulnerability, however, was highlighted nearly three years ago by the Ethereum project itself:

“It’s come to our attention that some individuals have been bypassing the built-in security that has been placed on the JSON-RPC interface. The RPC interface allows you to send transactions from any account which has been unlocked prior to sending a transaction and will stay unlocked for the entirety of the session. By default, RPC is disabled, and by enabling it it is only accessible from the same host on which your Ethereum client is running. By opening the RPC to be accessed by anyone on the internet and not including firewall rules, you open up your wallet to theft by anybody who knows your address in combination with your IP.”

Ethereum Blog

As Netlab 360 reported in March, those exploiting the flaw were searching the internet for users who (presumably unaware of the warning) had left their JSON-RPC port 8545 open to anyone on the internet.

The Hacker News also reported that by searching the internet for the attackers’ Ethereum address, they had found multiple reports of attacks against ETH nodes that were left vulnerable in this way.

With Netlab advising users that there are others actively scanning for insecurely configured nodes, this latest attack again underscores the problems arising when some users are unaware of a network’s proper security procedures.
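The check below is an added example, not code from the article or the Ethereum project: it audits a geth command line for the combination the warning describes (JSON-RPC enabled, bound beyond the local host, an account unlocked). The option names are geth's legacy `--rpc*` and later `--http*` spellings; the sample command line and the finding labels are constructed.

```python
import ipaddress
import shlex

# geth option names: legacy --rpc* and later --http* spellings of the same settings.
ENABLE = ("--rpc", "--http")
ADDR = ("--rpcaddr", "--http.addr")
API = ("--rpcapi", "--http.api")


def parse_flags(cmdline):
    """Map each --flag to its value ('' for bare switches); accepts --f=v and --f v."""
    tokens = shlex.split(cmdline)
    flags = {}
    for i, tok in enumerate(tokens):
        if not tok.startswith("--"):
            continue
        name, sep, value = tok.partition("=")
        if not sep and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
            value = tokens[i + 1]
        flags[name] = value
    return flags


def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: assume reachable from outside


def audit(cmdline):
    """Return findings for the exposure the Ethereum warning describes."""
    flags = parse_flags(cmdline)
    if not any(flags.get(f, "false") != "false" for f in ENABLE):
        return []  # JSON-RPC over HTTP is off, which is the default
    findings = []
    addr = next((flags[f] for f in ADDR if f in flags), "127.0.0.1")
    if not is_loopback(addr):
        findings.append("rpc-not-loopback:" + addr)
    if "--unlock" in flags:
        findings.append("account-unlocked-while-rpc-enabled")
    apis = next((flags[f] for f in API if f in flags), "")
    if "personal" in apis.split(","):  # namespace with account-management calls
        findings.append("personal-api-exposed-over-rpc")
    return findings


# Constructed sample: the risky combination from the article.
print(audit("geth --rpc --rpcaddr 0.0.0.0 --unlock 0"))
```

An empty result means the command line keeps RPC off or on loopback with no unlocked account; it says nothing about firewall rules or port forwarding in front of port 8545, which still need their own review.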

Crypto Mining Attacks Dropped in 2019 but Ransomware on the Rise: Kaspersky

Michael LaVere
  • New report by security firm Kaspersky found crypto-mining attacks declined in 2019.
  • Attackers have moved on to more lucrative methods, including the use of ransomware. 

A new report by security firm Kaspersky shows that cryptocurrency mining attacks fell sharply during 2019 but that ransomware involving crypto is on the rise. 

According to the “Kaspersky Security Bulletin ‘19” report, the total number of mining malware infections fell drastically in 2019. While the overall number of “unique malicious objects” reported by Kaspersky rose 13.7% on the year, mostly related to web-skimmer files designed for stealing credit cards, web-miner infections declined 59% from 5.638 million infected machines to 2.259 million.

However, certain crypto-mining malware scripts still made the top 20 list of threats, particularly applications that force a user’s computer to mine cryptocurrency in the background.

Kaspersky security analyst Denis Parinov said, 

We have observed that the number of 'common' attacks against home users is slightly decreasing, but that the number of 'loud' public cases of crypto-ransomware infections is growing – for example, just two days ago New Orleans was hit by a ransomware.

Parinov believes hackers previously involved in mining have moved on to more lucrative opportunities, including the use of crypto-based ransomware. 

Vyacheslav Zakorzhevsky, Kaspersky’s head of anti-malware research, added, 

[Mining attacks] have lost their popularity due to lower profitability and cryptocurrencies’ fight against covert mining.
