A hacking group is said to have stolen more than $20 million in Ethereum from Ethereum-based wallets and mining apps.
China-based cybersecurity company Qihoo 360 Netlab stated that the hackers took advantage of Ethereum software configured to expose its remote procedure call (RPC) interface on port 8545.
"The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service—such as a miner wallet application that users or companies have set up for mining or managing funds," the report reads.
According to the statement, 90% of Ethereum-based software runs with RPC, and even with the interface active, these programs "are appropriately configured to listen to requests only via the local interface (127.0.0.1), meaning from apps running on the same machine as the original mining/wallet app that exposes the RPC interface."
It is worth mentioning that users have been using incorrectly configured Ethereum clients, and scans for their RPC interfaces have gone on for many years but soared with the upturn in crypto prices. For reference, extremely high scanning activity was detected last November.
"Nonetheless, with over $20 million stolen in the last few months just by one group, there are apparently lots of users who can’t be bothered with reading their app’s documentation before setting up an Ethereum wallet or mining rig," Qihoo 360 Netlab commented.
Notably, this interface can provide access to vital functions, so third-party apps can browse private keys and make transactions. It is said to be disabled by default, though the developers warn of the risk of activating it without sufficient protection.
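A wallet or mining host can be audited for the loopback-only configuration described above. The following is an added example, not code from Qihoo 360 Netlab or any Ethereum client: it parses the Linux `/proc/net/tcp` socket table and reports any listener on port 8545 that is bound to something other than 127.0.0.1. It assumes a little-endian Linux host and IPv4 only; the sample table is constructed.

```python
import ipaddress
import socket
import struct

RPC_PORT = 8545      # port named in the article
TCP_LISTEN = "0A"    # LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111
   1: 00000000:2161 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0A01A8C0:2161 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 44444
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port); address is little-endian hex."""
    addr_hex, port_hex = field.split(":")
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.ip_address(socket.inet_ntoa(packed)), int(port_hex, 16)


def exposed_rpc_listeners(table, port=RPC_PORT):
    """Return the non-loopback local addresses that have a LISTEN socket on `port`."""
    exposed = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue                             # ignore established/closing sockets
        ip, local_port = decode_endpoint(cols[1])
        if local_port == port and not ip.is_loopback:
            exposed.append(str(ip))              # 0.0.0.0 means every interface
    return exposed


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:        # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_TABLE                     # fall back to the constructed sample
    for addr in exposed_rpc_listeners(table):
        print(f"port {RPC_PORT} is listening on {addr}, not only on 127.0.0.1")
```

On the constructed sample, only the `0.0.0.0:8545` listener is reported; the 127.0.0.1 listener, the established connection and the unrelated port are ignored.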