Hackers aren’t fazed by the ongoing cryptocurrency market slump. According to a new report by ZDNet released yesterday, hackers are out to steal your Ethereum [ETH], especially if you’re mining.
The report details that hackers have spent the better part of the past week on a campaign to break into internet-exposed Ethereum wallets and mining equipment.
The report cites evidence from Troy Mursch, co-founder of Bad Packets LLC, who said that the hackers are scanning the internet for devices with port 8545 exposed online. Several Ethereum wallets and mining rigs need this port, which lets the devices using it maintain communication within the Ethereum blockchain.
According to the report, port 8545 is the standard port used by the JSON-RPC interface, an interface that underlies most Ethereum wallets and mining software. Through this port, applications bundled with the corresponding software can query the blockchain for mining and funds-related information.
In theory, the JSON-RPC interface is designed to be used only locally, within the local network of the mining equipment. However, a few wallets and mining rigs have enabled it on most interfaces, thereby connecting it to the internet. Additionally, the JSON-RPC interface is a security hole because it does not come standard with a password and relies on the user to set one up.
Once the hackers have found a pool of potential victims, they could run tests to check who has left their wallets exposed to the internet without setting up a password. An exposed interface can easily be commanded to transfer funds to another wallet.
Ethereum warned about the problem
This problem is not new, however. Back in 2015, Ethereum core developers released an advisory warning wallet and mining software developers and users alike to take extra caution against allowing traffic through port 8545. Their suggestions included employing firewalls to filter the traffic or setting up a password for the JSON-RPC interface.
Over the past several months, reports of massive port 8545 scans have surfaced. Back in June this year, the Chinese cyber-security firm Qihoo 360 Netlab reported on a group of hackers who had managed to steal $20 million worth of ether (June exchange rate). According to the report, these mass scans on the vulnerable port have more than tripled in the past month as compared to the previous months despite the falling Ethereum price.