Hackers Ramp up Attacks on Mining Rigs Before Ethereum Price Crashes Into the Gutter

Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment, ZDNet has learned today.

Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information.

In theory, this programmatic interface should only be exposed locally, but some wallet apps and mining equipment enable it on all interfaces. Furthermore, in default configurations this JSON-RPC interface does not come with a password and relies on users setting one.

If the Ethereum wallet or mining equipment has been left exposed on the Internet, attackers can send commands to this powerful interface to move funds from the victim’s Ethereum addresses.

However, the problem with port 8545 isn’t new. Back in August 2015, the Ethereum team sent out a security advisory to all Ethereum users about the dangers of using mining equipment and Ethereum software that exposes this API interface over the Internet, recommending that users take precautions by either adding a password on the interface, or using a firewall to filter incoming traffic for port 8545.

Many mining rig vendors and wallet app makers have taken precautions to limit port 8545 exposure, or have removed the JSON-RPC interface altogether. Unfortunately, this wasn’t an industry-concerted effort, and many devices are still exposed online.

But despite warnings from the Ethereum team, many users have failed to check their Ethereum clients for this issue.

Initially this wasn’t a big problem, but as Ethereum’s price grew to new heights, so did scans and attacks against exposed Ethereum clients. Massive scans targeting port 8545 were reported in November 2017, January 2018, May 2018, and June 2018.

Chinese cyber-security firm Qihoo 360 Netlab said that one particular group behind these scans stole Ethereum worth over $20 million, at June 2018’s exchange rate.

All the aforementioned scans had one thing in common, and that’s the fact that Ethereum’s price had skyrocketed to never-before-seen heights during those periods, reaching a whopping $1,377 in January 2018.
