According to a report by ZDNet, published on December 10, 2018, cybercriminals have doubled down on their efforts to hack into internet-exposed Ethereum wallets and mining equipment.
Publicly Exposed Ports Risk Holders' Wallets
Per the report, cybercriminals are actively scanning for crypto equipment with port 8545 exposed online. Notably, port 8545 is the standard port for the majority of Ethereum wallets and mining devices. It serves as the standard port for the JSON-RPC interface, a programmatic API used by local services and apps to query mining and fund-related information.
Ideally, this API should only be exposed locally, but some wallets and mining equipment listen on all interfaces, which, in turn, puts the users’ security under significant risk. Adding to the danger is the fact that the JSON-RPC interface does not have a password configured by default, and is dependent solely on user settings.
Put simply, keeping such wallets and mining equipment exposed on the internet makes them an easy target for cybercriminals to move funds or manipulate addresses through a basic programming command.
The report claims that a mass-scan campaign targeting internet-exposed Ethereum wallets has been running since December 3, 2018. Troy Mursch, the co-founder of Bad Packets LLC, shared an informative graph with the publication which shows how the scan activity has almost tripled in December compared to November 2018:
“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.”
Unfazed by the Crashing Prices
While it’s true that the price of ether has crashed significantly in the past couple of months, users should always take precautions about the security of their wallets and cryptocurrency holdings.
Historically, such internet-wide scans have usually taken place when the price of crypto is on an upward trend. However, the sudden surge in the number of scans in the past few weeks has surprised many in the industry, as currently, ether trades at the high 80s level, a figure which it hasn’t seen since May 2017.
Keeping in mind the risks associated with port 8545 exposure, many wallet app makers and mining equipment vendors have taken steps to mitigate the exposure, or even do away with the JSON-RPC interface altogether. However, a significant number of companies continue to produce devices and apps with port 8545 exposure, thus putting the financial safety of the users in jeopardy.
On June 13, 2018, BTCManager reported how hackers stole over $20 million of ether after exploiting the exposed port 8584 in Ethereum-based mining rigs and dApps.