USD 20 Million Stolen from Ethereum Clients - What Should I Do?
A group of hackers has stolen over USD 20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today.
If you’re one of the victims, you probably know it already - but even if you’re not, you should understand how this happened and what you should do to protect yourself.
The cause of the theft is an exposed “vulnerability”: some Ethereum software applications have been configured to expose a Remote Procedure Call (RPC) interface on port 8545. The purpose of this interface is to provide a programmatic API (application programming interface) that an approved third-party service or app can use to query, interact with, or retrieve data from the original Ethereum-based service.
However, the RPC interface can grant access to very sensitive functions and data, such as private keys and personal details, so it stands to reason that it should be disabled at all times. This is mostly the case: it is disabled by default in most apps and comes with a warning not to enable it unless you have protective measures in place (and especially not if you don’t know what you’re doing).
Nowadays, the RPC interface is pre-configured to listen only for local requests, i.e. those coming from the same machine. However, people tinkering with Ethereum apps have been known to open the RPC interface to the world, which malicious actors took advantage of.
Protecting yourself from attacks of this kind is not hard: for starters, you should not reconfigure your Ethereum client unless you know exactly what you’re doing. Reading the warning notices that come with the app you’re using should be your first step. If you want to tinker with it, don’t just google the solution and pick the first one you come across - try to learn as much as you can about what you’re doing. And finally, if you have a good reason to enable the RPC interface, secure it with an access control list (ACL), a firewall, or an authentication system.
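To check the local-only binding described above on your own machine, the following added example (not code from Qihoo 360 Netlab or from any Ethereum client) reads the Linux `ss -ltn` socket listing and reports any listener on port 8545 bound to something other than a loopback address. The function names and the sample lines are constructed for illustration, and the column layout of `ss -ltn` is assumed.

```python
import ipaddress
import sys

RPC_PORT = 8545  # JSON-RPC port named in the article

# Constructed `ss -ltn` lines (not from a real host), mixed for illustration.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8545     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8545       0.0.0.0:*
LISTEN 0      128    [::1]:8545         [::]:*
LISTEN 0      128    [::]:8545          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""


def classify_bind(addr):
    """Return 'local' for a loopback bind address, 'exposed' otherwise."""
    host = addr.split("%", 1)[0].strip("[]")  # drop %iface scope and brackets
    if host == "*":
        return "exposed"  # wildcard: every interface
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "exposed"  # unparseable: flag it for a human to check
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if mapped is not None:
        ip = mapped
    return "local" if ip.is_loopback else "exposed"


def exposed_rpc_listeners(ss_output, port=RPC_PORT):
    """List local address:port pairs listening on `port` beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, local_port = fields[3].rpartition(":")
        if local_port == str(port) and classify_bind(addr) == "exposed":
            findings.append(fields[3])
    return findings


if __name__ == "__main__":
    # Pipe real output in (`ss -ltn | python3 this_file.py`) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for hit in exposed_rpc_listeners(text):
        print(f"port {RPC_PORT} is listening beyond loopback: {hit}")
```

The check looks only at the bind address, so a flagged listener may still be covered by a firewall or ACL in front of the host; treat a hit as a prompt to verify that protection.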