Hackers have stolen more than ETH 38,000, worth over USD 20 million, and collected it in a single wallet by exploiting a vulnerability in the Geth Ethereum client, despite a warning three years ago from the developers of Ethereum about this specific exploit. There was an additional warning in March 2018 that hackers had successfully stolen ETH 4 with this method. These warnings apparently did not result in a fix.
The flaw lies in the JSON-RPC protocol of the Geth client, which is used to send Ether from a wallet that has been unlocked. This is useful for creating programs that interact with the Ethereum wallet. By default, the remote procedure call (RPC) interface is disabled, and if it is enabled it is usually only available to the same computer that is running the Ethereum client.
However, it is possible to configure the RPC so that any computer on the internet can query the Ethereum wallet, which allows any computer on the internet to withdraw funds. Anyone who knows your wallet address and IP address can steal your Ethereum if your RPC is configured in this way.
The hackers simply scanned the internet for Geth clients that had JSON-RPC port 8545 open, and withdrew funds to their wallet whenever they found one.
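Node operators can check their own launch command for the configuration described above. The following is an added example, not code from this article or from the Geth project: it audits a Geth command line for an RPC listener bound beyond the local machine. The flag names are Geth's (`--rpc`, `--rpcaddr`, `--rpcport`, `--unlock`, and the newer `--http`, `--http.addr`, `--http.port`); the sample command lines are constructed.

```python
import ipaddress
import shlex

# Geth flag names: --rpc* in older releases, --http* in newer ones.
ENABLE = ("rpc", "http")
ADDR = ("rpcaddr", "http.addr")
PORT = ("rpcport", "http.port")


def parse_flags(cmdline):
    """Map flag name -> value for a geth command line ('' for bare flags)."""
    flags = {}
    tokens = shlex.split(cmdline)
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        name, sep, value = tok.lstrip("-").partition("=")
        # Boolean enable flags take no separate value token.
        if not sep and name not in ENABLE and i + 1 < len(tokens):
            value = tokens[i + 1]
        flags[name] = value
    return flags


def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed


def audit(cmdline):
    """Return findings for a geth command line; an empty list means none."""
    flags = parse_flags(cmdline)
    enabled = any(flags.get(f, "false").lower() != "false" for f in ENABLE)
    if not enabled:
        return []  # RPC is disabled by default
    addr = next((flags[f] for f in ADDR if f in flags), "localhost")
    port = next((flags[f] for f in PORT if f in flags), "8545")
    findings = []
    if not is_loopback(addr):
        findings.append(f"RPC listens on {addr}:{port}, reachable beyond this host")
        if "unlock" in flags:
            findings.append("account is unlocked while RPC is remotely reachable")
    return findings


# Constructed sample command lines.
EXPOSED = "geth --rpc --rpcaddr 0.0.0.0 --rpcport 8545 --unlock 0"
LOCAL_ONLY = "geth --rpc --unlock 0"
```

Calling `audit(EXPOSED)` returns two findings, while `audit(LOCAL_ONLY)` returns none because the listener stays on the loopback address.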
This is probably being done with an automated script: the transaction history of the hacker’s wallet shows that Ethereum accounts are still actively being robbed today. There are over 5,000 transactions in the hacker’s Ethereum wallet, dating as far back as 2016. Comments on the address on Etherscan.io suggest that many users have fallen victim.
It is unknown how widespread the hacking is, since this is just one wallet address, and there could be many more addresses that hackers use to siphon off funds by exploiting the Geth client’s JSON-RPC vulnerability.