Hackers have devised a new way to steal your cryptocurrencies. This time, they are running a massive scanning campaign to pick out Ethereum wallets and miners with a specific vulnerability.
Per reports on ZDNet, crypto hackers are targeting Etherum wallet and mining equipment going through devices with an exposed port 8545, the standard port for the JSON-RPC interface — a programmatic API that sits on the local device and can be used to query for mining-related information.
Ethereum developers had warned users about the dangers of exposing the JSON-RPC interface when using mining equipment and Ethereum software, instructing users to enable a password for the interface or activate a firewall to filter internet traffic coming to the vulnerable port.
By design, the JSON-RPC interface doesn’t come with a default password. It’s dependent on users setting one, which they rarely do. For Ethereum wallets or mining equipment whose port is left exposed on the internet, hackers can send commands to the API and remotely transfer funds out of the wallets.
The report states that mining rigs producers and Ethereum wallet developers have done their bit to limit the damage caused by this problematic interface by warning users of the need to add a password. Others have gone the extreme route of removing the interface altogether, but since this wasn’t a united effort, the problem persists.
While there had been plenty of Ethereum scanning campaigns over the last two years, this is the first time scans have been reported in a bear market. In fact, the report cites data from Tory Mursch, co-founder of Bad Packets LLC, who told the news outlet that the scan campaigns tripled in December, compared to last month, when prices were stable.
“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.”
What makes these scans hard to believe is how easy one can procure the tools needed to exploit Ethereum clients via an exposed port 8545. According to the report over 4,700 devices, mostly made up of Geth mining rigs and Parity wallets, are the most vulnerable devices exposing their interface to intruders.
Last year, hackers stole $32 million in ether through a vulnerability in Parity’s popular multi-signature wallet, leading to the development team instructing users who were holding ETH in Parity wallet clients to move their funds to a secure address.