Hackers have tripled their efforts this month to rip off “exposed” Ethereum wallets and mining equipment, probably in an attempt to profit while the profiting’s still good, ZDNet reports.
In fact, attack frequency has been furious for the past week, said Troy Mursch, co-founder of the cybersecurity firm Bad Packets.
This particular attack involves using software that roves the Internet looking for “8545 ports” on equipment or Internet-connected “hot wallets” that have not been protected by a password or a firewall.
An 8545 port, “… is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information.”
While many apps and mining rigs typically only expose the port locally, “…some wallet apps and mining equipment enable it on all interfaces. Furthermore, this JSON-RPC interface, when enabled, also does not come with a password in default configurations and relies on users setting one.”
If the port remains exposed on the Internet, “…attackers can send commands to this powerful interface to move funds from the victim’s Ethereum addresses,” meaning they can pickpocket someone’s “ethers.”
According to ZDNet, programmers at Ethereum sent out a security warning about the 8545 port to users of the network in August 2015, advising people to password-protect the port or set it behind a firewall.
Many users, however, didn’t get the memo.
And while “many” mining rig manufacturers have implemented 8545 protections or have removed the related “JSON-RPC” interface entirely, there appear to still be significant gaps in the Ethereum network’s security.
Researchers say that scans and attacks have repeatedly escalated in step with upward price moves in Ethereum, and they have noticed surges in attacks in November 2017, as well as in January, May and June of this year.
The price of Ethereum is currently at its lowest since May 2017 (about $90 USD versus $1400), and has probably been affected by sell-offs from ICO (initial coin offering) projects built on the network, some of which have been or may be sanctioned by the American Securities and Exchange Commission for issuing unlicensed securities.
Several competing networks also appeared this year and began selling “currencies” or tokens, including EOS.
The scanning tools used to search out the vulnerable ports can reportedly be downloaded for free, and Mursch says the attacks are nonetheless still cost-effective:
“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.”