[ad_1]
Hackers have come up with a new way to steal your cryptocurrencies. This time, they are conducting a massive scan campaign to identify the Ethereum portfolios and miners with a specific vulnerability.
For reports on ZDNet, cryptographic hackers target the Etherum portfolio and mining equipment that passes through devices with an exposed port 8545, the standard port for the JSON-RPC interface, a programmatic API that it is on the local device and can be used to perform searches – related information.
The developers of Ethereum had warned users of the dangers of exposing the JSON-RPC interface when they were using mining equipment and Ethereum software, asking users to enable a password for the interface, or to activate a firewall for filter Internet traffic from the vulnerable port.
By design, the JSON-RPC interface is not provided with a default password. It depends on users who set one up, which they rarely do. For Ethereum portfolios or mining equipment whose door is left exposed on the Internet, hackers can send commands to the API and remotely transfer funds from their portfolios.
The report states that manufacturers of mining rigs and Ethereum portfolio developers have done their duty to limit the damage caused by this problematic interface by warning users of the need to add a password. Others have gone the extra mile to completely remove the interface, but since this has not been a united effort, the problem persists.
Although there have been numerous Ethereum scan campaigns in the last two years, this is the first time that scans have been made in a bear market. In fact, the report cites data from Tory Mursch, co-founder of Bad Packets LLC, who told the press that scan campaigns tripled in December, compared to last month, when prices were stable.
"Despite the price of cryptocurrency that crashes against the gutter, free money is still free, even if small change per day."
What makes these scans difficult to believe is how easy it is to get the tools needed to leverage Ethereum clients through an exposed port 8545. According to the report, over 4,700 devices, mostly made up of Geth extraction platforms and Parity portfolios, are devices more vulnerable by exposing their interface to intruders.
Last year, hackers stole $ 32 million in ether through a vulnerability in Parity's popular multi-signature portfolio, leading the development team to instruct users who held ETH in Parity's Wallet clients to transfer their funds to a secure address.
Shutterstock foreground image
Get an exclusive cryptographic analysis by professional traders and investors on Hacked.com. Register now and receive the first month for free. Click here.
Source link
