A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today.
The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545.
The purpose of this interface is to provide a programmatic API that an approved third-party service or app can query to interact with, or retrieve data from, the original Ethereum-based service, such as a miner or wallet application that users or companies have set up for mining or managing funds.
Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app to retrieve private keys, move funds, or retrieve the owner's personal details.
As such, this interface comes disabled by default in most apps, and is usually accompanied by a warning from the original app’s developers not to turn it on unless properly secured by an access control list (ACL), a firewall, or other authentication systems.
Almost all Ethereum-based software comes with an RPC interface nowadays, and in most cases, even when turned on, it is appropriately configured to listen for requests only on the local interface (127.0.0.1), meaning from apps running on the same machine as the mining/wallet app that exposes the RPC interface.
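A defender's self-check for the misconfiguration described above, added here as an example and not taken from the article or from any Ethereum client: it parses the output of `ss -ltn` (a constructed sample is embedded below) and flags any JSON-RPC listener bound to a non-loopback address. Port 8545 is the one the article names; 8546, geth's WebSocket RPC default, is an added assumption.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of `ss -ltn` output (listening TCP sockets); it is not
# captured from a real host. Column 4 holds the local address:port binding.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       4096     127.0.0.1:8545       0.0.0.0:*
LISTEN  0       4096     0.0.0.0:8545         0.0.0.0:*
LISTEN  0       4096     [::1]:8546           [::]:*
LISTEN  0       4096     [::]:8545            [::]:*
LISTEN  0       128      *:8545               *:*
"""

# 8545 is the port named in the article; 8546 (WebSocket RPC) is an assumption.
RPC_PORTS = {8545, 8546}

def parse_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (address, port) for every LISTEN row, unbracketing IPv6."""
    listeners = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue  # header or non-listening row
        addr, port = parts[3].rsplit(":", 1)
        listeners.append((addr.strip("[]"), int(port)))
    return listeners

def is_loopback_only(addr: str) -> bool:
    """True only if the socket is reachable from the local host alone."""
    if addr in ("*", "0.0.0.0", "::"):
        return False  # wildcard bindings accept traffic from any interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unknown form: treat as exposed rather than safe

def exposed_rpc(ss_output: str) -> List[Tuple[str, int]]:
    """RPC listeners that are bound to something other than loopback."""
    return [(addr, port) for addr, port in parse_listeners(ss_output)
            if port in RPC_PORTS and not is_loopback_only(addr)]

if __name__ == "__main__":
    for addr, port in exposed_rpc(SAMPLE_SS_OUTPUT):
        print(f"WARNING: RPC port {port} bound to {addr}, not loopback")
```

On a live host, feed the function the real output of `ss -ltn` (or `netstat -ltn`) instead of the sample; any reported binding should be restricted to 127.0.0.1 or placed behind a firewall or ACL as the client's documentation advises.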
Some users don’t like to read the documentation
But across the years, developers have been known to tinker with their Ethereum apps, sometimes without knowing what they are doing.
This isn’t a new issue. Months…