$20M Worth of Ether Stolen After Hackers Exploit Poor App Configuration

A poorly designed Ethereum app led to the theft of $20 million worth of Ether, Cointelegraph has reported. Attackers exploited a vulnerability in a Remote Procedure Call (RPC) interface, which allows third parties to access and interact with the data within the app.

The attackers exploited port 8545, where the RPC had been left enabled by developers for some reason. This allowed the hackers to compile and make off with sensitive miner and wallet information. It provided these illicit third parties with access to private keys and the chance to peek into the port owners' personal data and consequently transfer funds.

For this reason, the RPC interface is usually disabled. And even if it is open, it’s generally designed to give access to apps that are operating only locally.

It’s still unclear why the app developers enabled port 8545’s RPC – maybe they were configuring something – but it gave the hackers backdoor entry. In short, human error is likely the culprit in such a large loss yet again.

Incidentally, Qihoo 360 Net Lab had already called attention to this vulnerability in March. At that time, an attacker had obtained only 3.96234 Ether, which was valued at about $2,000 to $3,000 then.

Netlab developers added that hackers are continuing to scan port 8545 hoping to find any other RPC interface that has been left open. With the success of this recent heist, other illicit actors will surely want to join the fray.

While this is grim news for the victims, the increase in hacking incidents will only make Ether and other cryptocurrencies resistant to this kind of attack in the future, according to some experts. Blockstar CEO Christian Ferri said that hacking incidents will always be painful for some in the short run, but will play a significant role in creating a more secure framework for the crypto industry in the future.

Indeed, vulnerabilities like this will definitely contribute to the guidelines that will govern how blockchain companies operate in order to make a habit of plugging these threats and risks. Ethereum developers and co-founder Vitalik Buterin have yet to comment on the attack.
