Unsecured Nodes Lead to $20 Million Worth of Ethereum Being Stolen in 3 Months

Jun 15 2018

With cryptocurrencies on the rise, crypto-related crime has also been rising. While we hear of attacks on cryptocurrency exchanges and phishing scams - there are a number of other ways that hackers use to syphon off cryptocurrencies into their accounts. Reports from Qihoo 360 Netlab, a Chinese cybersecurity firm indicate that hackers have made use of unsecured nodes to steal as much as $20 Million worth of Ethereum (ETH) over the past three months.

Basically, hackers are exploiting poorly-configured Ethereum mining rigs and in some cases, applications which have unsecured nodes to hijack the systems and steal cryptocurrencies. Reports from Qihoo 360 Netlab indicate that there has been a sharp increase in the scanning of unsecured nodes by hackers. $20 Million (over 38,000 ETH) has been stolen from users who failed to securely close their JSON-RPC port 8545.

What makes it even more alarming is that this vulnerability was discovered and reported by Qihoo 360 Netlabs back in the March of this year. At the time of the discovery, they had pointed out that the hackers had only 3.96 ETH in their account. However, over the next three months - the amount has reached 38,642 ETH - close to $20 Million. The transaction details of this malicious account which has managed to steal so much Ether can be seen here.

Interestingly, they are not the only ones scanning for unsecured ports. This vulnerability has led to several other groups of hackers now making use of the same practice. The Satori Botnet had been spotted in May to be targeting Ethereum Miners. Millions of dollars have been lost and millions more are at risk. App developers on the Ethereum platform as well as those mining for Ethereum must ensure that the JSON-RPC port 8545 is closed to stay safe from this kind of an attack.

This report comes as a bad news for Ethereum - as prices of Ether are on a steady decline. It is expected that this is going to give yet another jolt to the prices, possibly even accelerating this downtrend that the price of Ether is caught in.

Rise in Crypto-Crime

There has been a sharp rise in cryptocurrency-related crime of late. Over $1.1 Billion worth of cryptocurrencies has already been stolen in the past six months. This includes the biggest cryptocurrency hack of all times - where the Coincheck cryptocurrency exchange was hacked and over $500 Million worth of NEM (XEM) cryptocurrency was stolen. Since then there have been a few other hacks - including attempts at taking down Binance, one of the largest crypto-exchanges in the world. 

Ransomware, Cryptojacking and other similar cryptocurrency related cybercrimes have also been rising. Recent cryptojacking attacks have targeted the websites of a Russian county as well as multiple websites of the UK government. Business groups are also being targeted by these crypto-criminals. 

As the awareness around cryptocurrencies rises - and as more and more people begin to see cryptos as a viable investment option, it is bound to increase the number of criminals looking forward to stealing cryptocurrencies. Crypto-organizations need to step up their security to ensure that they remain safe from such attacks. 

Comments