Cryptonews Ethereum News USD 20 Million Stolen from Ethereum Clients – What Should I Do?

USD 20 Million Stolen from Ethereum Clients – What Should I Do?

Sead Fadilpašić
Sead Fadilpašić
Last updated: | 1 min read

A group of hackers has stolen over USD 20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today.

Source: iStock/jpgfactory

If you’re one of the victims, you probably know it already – but even if you’re not, you should understand how this happened and what you should do to protect yourself.

The cause of the theft is an exposed “vulnerability.” There are Ethereum software applications that have been configured to expose a Remote Procedure Call (RPC) interface on port 8545. The purpose of this interface is to provide access to programmatic API (application programming interface) that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service.

However, the RPC interface can grant access to very sensitive functions, like private keys, personal details and similar, which makes it logical that it should be disabled at all times. This is mostly the case: it comes disabled by default in most apps and comes with a warning not to enable it if you don’t have protective measures put into place (and especially if you don’t know what you’re doing.)

Nowadays, the RPC interface is pre-configured to listen only to local requests, i.e. to those coming from the same machine. However, people tinkering with Ethereum apps have been known to enable the RPC interface to the world, which malicious actors took advantage of.

Protecting yourself from attacks of this kind is not hard: for starters, you should not configure your Ethereum client no matter what unless you know exactly what you’re doing. Reading the warning notices that come with the app you’re using should be your first step. If you want to tinker with it, don’t just google the solution and pick the first one you come across – try to learn as much as you can about what you’re doing. And finally, if you have a good reason to enable the RPC interface, secure it by an access control list (ACL), a firewall, or other authentication systems.

Ethereum Hack Security

Most Popular

Blockchain News
Crypto Lawyer John Deaton Is Outraising Elizabeth Warren In Election Campaign
Bitcoin News
Australian Crypto Mining Companies Collapse into Liquidation Owing 450 Investors
Blockchain News
Robert Kiyosaki Says No to Spot Bitcoin ETF Investments
Altcoin News
Crypto Payments Firm Triple-A Includes PayPal’s Stablecoin in Payment Options for Customers
Bitcoin News
BitMEX Incrases Leverage to 250x on its Bitcoin Perpetual Swap to Benefit Traders Amid Halving Volatility
Blockchain News
What’s Happening In Crypto Today? Daily Crypto News Digest

Latest news

Altcoin News
Crypto Payments Firm Triple-A Includes PayPal’s Stablecoin in Payment Options for Customers
Bitcoin News
BitMEX Incrases Leverage to 250x on its Bitcoin Perpetual Swap to Benefit Traders Amid Halving Volatility
Blockchain News
What’s Happening In Crypto Today? Daily Crypto News Digest
Altcoin News
Google Ads Promotes Fake Crypto Website Leading to Phishing Scam
NFT News
Japan’s SBI Group Plans to Issue NFTs Built on XRP Ledger for World Expo 2025 in Osaka
News
Spot Bitcoin ETFs and Halving Mark Milestones – What Lies Ahead for Crypto?
Bitcoin News
Bitcoin Price Prediction as Crypto Market Recovers Following Israeli Retaliation Against Iran – Is the Worst Over?

Similar News