Multiple hackers are now implicated in a massive campaign that scans the entire Internet for exposed Ethereum wallets and mining equipment.
Hackers are scanning for devices that have port 8545 open to the Internet. This is the standard port for the JSON-RPC interface that most Ethereum wallets and mining equipment use.
Typically, this programmatic JSON-RPC interface should only be exposed locally, but, as so often happens in the cyber world, most wallet apps and mining equipment have a flaw that enables it on all interfaces by default.
Even more problematic is the fact that this JSON-RPC interface, when enabled, does not have a password and relies on users to set one.
In other words, if the JSON-RPC interface is enabled, the hackers can send commands to this powerful interface to empty your Ethereum wallets.
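To check a machine of your own for the exposure described above, the following added example (not code from the article or from any Ethereum project) parses Linux socket tables and reports whether anything listens on port 8545 on a non-loopback address. It assumes the `/proc/net/tcp` and `/proc/net/tcp6` text format; the sample rows are constructed.

```python
import ipaddress

RPC_PORT = 8545   # default JSON-RPC port named in the article
LISTEN = "0A"     # state code for a listening socket in /proc/net/tcp

# Constructed sample: /proc/net/tcp followed by /proc/net/tcp6 (not real data).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0100007F:2161 0100007F:D431 01 00000000:00000000 00:00000000 00000000  1000        0 20003
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:2161 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp{,6} address: 32-bit words stored little-endian."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))

def find_rpc_listeners(table_text, port=RPC_PORT):
    """Return [(address, exposed)] for every socket listening on `port`."""
    results = []
    for line in table_text.splitlines():
        fields = line.split()
        # Header rows have "st" in this column; only LISTEN sockets matter.
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        addr = decode_addr(hex_addr)
        # Judge IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) by their IPv4 part.
        mapped = getattr(addr, "ipv4_mapped", None)
        effective = mapped if mapped is not None else addr
        # Anything that is not loopback (including 0.0.0.0 or ::) is reachable
        # from other hosts unless a firewall blocks it.
        results.append((str(addr), not effective.is_loopback))
    return results

if __name__ == "__main__":
    for address, exposed in find_rpc_listeners(SAMPLE):
        status = "EXPOSED on the network" if exposed else "local only"
        print(f"{address}:{RPC_PORT} -> {status}")
```

On a real Linux host, pass the concatenated contents of `/proc/net/tcp` and `/proc/net/tcp6` instead of `SAMPLE`.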
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
This problem with port 8545 isn’t new. It was first spotted in August 2015, when the Ethereum team sent a security warning to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface over the Internet.
Some mining rig vendors and wallet app makers have taken precautions to limit port 8545, but this wasn’t a collective effort across the entire Ethereum industry, and many devices are still exposed online.
These cyber attacks multiplied exponentially as Ethereum’s price reached new heights. Massive scans were reported in November 2017, January 2018, May 2018, and June 2018. One particular group even managed to steal Ethereum worth over $20 million.
The funny part is that in the past Ethereum’s price had skyrocketed, reaching a whopping $1,377 in January 2018, and this was the reason for those mass scans. The scans that have been taking place over the past week, however, aren’t happening because of an Ethereum price surge: the currency is now valued at $90, a low comparable to its May 2017 price.
Probably the main reason here is that free money is still free, even if it’s pennies a day.
Researchers are reporting that scan activity has tripled compared to last month.
A quick Shodan search shows that nearly 4,700 devices are currently left unprotected with port 8545 open.
In conclusion, the Ethereum price might be down, but that doesn’t mean the cryptocurrency is worthless.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet. Always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.