Please don’t skip this message — it only takes a minutes to read. Sorry to bother you, but time is running out.

Bitcoin is freedom. If you think independent, ‘bitcoin-only’ media is important, if you believe information and education about bitcoin matters for adoption, and if you have gained something from our work, we would be grateful if you could chip in $21. 

Join the 2% of our readers who occasionally make a donation. If everyone reading this donated just $21, we would reach our target in a couple of hours. $21 is all we ask for. To cover the cost for our servers, editors, writers, and thumbnail artists we rely on our readers’ generous support. 

How You can chip in:

  • Send sats as a tip to a writer. All of our writers have an active tipping widget.
  • Join our campaign on 
    Awesome perks are waiting for you such as the limited edition Bukele Blend Coffee from El Salvador.

Your support ensures that Bitcoin News stays independent with a laser focus on Bitcoin and only Bitcoin.


Hackers Collect $20 Million in Ether from 3-Yr Old Geth Flaw

Hackers Collect $20 Million in Ether from Years Old Geth Flaw

Support free writers: > send a tip

written by

Hackers have stolen more than ETH 38,000 worth over USD 20 million in a single wallet by exploiting a vulnerability in the Geth Ethereum client, despite a warning three years ago from the developers of Ethereum about this specific exploit. There was an additional warning in March 2018 that hackers had successfully stolen ETH 4 with this method. These warnings apparently did not result in a fix.

The flaw lies in the JSON-RPC protocol of the Geth client, which is used to send Ether from a wallet that has been unlocked. This is useful for creating programs that interact with the Ethereum wallet. By default, the Remote Call Protocol (RPC) is disabled, and if it is enabled it is usually only available to the same computer which is running the Ethereum client.

However, it is possible to configure the RPC so that any computer on the internet can query the Ethereum wallet, which allows any computer on the internet to withdraw funds. Anyone that knows your wallet address and IP address can steal your Ethereum if your RPC is configured in this way.

The hackers simply scanned the internet for Geth clients that had JSON-RPC port 8545 open, and withdrew funds to their wallet whenever they found one.

This is probably being done with an automatic script, as Ethereum accounts are actively being robbed today based on the transaction history of the hacker’s wallet. There are over 5,000 transactions in the hacker’s Ethereum wallet, dating as far back as 2016. Comments on the address on suggest that many users have fallen victim.

It is unknown how widespread the hacking is, since this is just one wallet address, and there could be many more addresses that hackers use to siphon off funds by exploiting the Geth client’s JSON-RPC vulnerability.


Follow on Twitter at

Telegram Alerts from at

Help spread this article :) is NOT INVESTMENT ADVICE

Opinions expressed are entirely their own and do not necessarily reflect those of

For informational purposes only. Individuals and entities should not construe any information on this site as investment, financial, legal, tax, accounting or other advice. Information provided does not constitute a recommendation or endorsement by to buy or sell bitcoin, cryptocurrencies or other financial instruments. Forecasts are inherently limited and cannot be relied upon. Do your own research and consult a professional advisor. The opinion of authors do not reflect those of 


bitcoin shop miami

Read More Bitcoin News

Hayek And Bitcoin

Hayek and Bitcoin

Hayek passed long before Bitcoin’s inception, but in his book The Denationalisation of Money, he argued for nothing short of stripping the state of its monopoly power of money itself.

Read More »


bitcoin shop miami

Join our Newsletter

Video of the Week


Latest on Bitcoin News

Join our Newsletter