Over $20 Million Stolen in Ethereum by Hackers from Unsecured Nodes

Cyber-criminals are continuing their “raids” on the blockchain and this time they target Nodes which are exposed and based on the Ethereum blockchain.

Researchers by Qihoo 360 have previously discovered a flaw back in March which included using an unsecure port to take control of non properly secure Ethereum nodes by using a transaction and a malicious JavaScript code embedded within it to take control of the Nodes. Back in March, hackers were able to steal almost 4 Ethers (Tokens of the Ethereum Cryptocurrency), which should have raised awareness to the team behind the platform and all of the ERC-20 tokens out there. But with no effect, since researchers have recently found out that cyber-criminals were successfully able to steal 38,642 Ethers, which now ammount ot around $20,5 million by hijacking ETH wallets of users who have installed clients on their devices with an open 8545 port on the Ethereum client, called Geth.

Geth is likely the most popular Ethereum client so far and it is used to run Ethereum nodes and enabling the Ethereum JSON interface, allowing remote access to the blockchain network and it’s functions. This basically means that via this client you can manage and see different transactions. However, while the researchers were browsing, they have seen that almost 40 thousand Ethers were credited to the following Ethereum wallet as reported by The Hacker News:

And not only this, but reports related to the same very address appeared on a lot of forums with users having their funds missing as a result of theft and the reports were coming from usrs who have left their JSON-RPC interface on computers with enabled internet connections.

Researchers have warned users that the hackers are heavily scanning the internet connection for unsecure JSON-RPC types of interfaces in order to (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Vencislav Krustev. Read the original post at: https://sensorstechforum.com/20-million-stolen-ethereum-hackers-unsecured-eth-nodes/