New Attacks on Ethereum Mining Rigs
According to ZDNet, citing Troy Mursch, founder of the cybersecurity company Bad Packets LLC, an extensive, week-long wave of attacks on Ethereum mining rigs has been observed since December 3. The attacks search for devices with port 8545 exposed online. On June 11, 2018, the cybersecurity company Qihoo 360 published a report about hackers stealing $20 million in Ethereum from Ethereum programs and mining rigs, and unfortunately this is the second time. The main reason hackers are able to steal from users in this way is the miners' carelessness.
Which weaknesses do the hackers target?
Port 8545 is the standard port of the JSON-RPC interface, which is used by many Ethereum wallets and mining devices. Some Ethereum programs work in such a way that they may make a remote procedure call when necessary and under specific conditions. This call gives access to an Application Programming Interface (API) that an intermediary application can connect to in order to receive information from the Ethereum-based core service. This RPC interface can expose sensitive functions and data, such as private keys and personal information. Generally, the interface should be available only locally; however, some wallets and mining programs enable it on all interfaces. In addition, the JSON-RPC interface has no key or password of its own and depends entirely on the settings and security the user put in place when enabling it. If the interface is reachable from the internet, others can easily steal funds from users' accounts and transfer them to their own.
Many vendors of mining rigs and wallet programs have taken measures to restrict port 8545, or have removed the JSON-RPC interface altogether. The Ethereum team has sent a security notice to all Ethereum users pointing out the probable risks of exposing this API interface. The notice advises users to add another password to their interface or to use a firewall to restrict incoming traffic to port 8545.
To show how vulnerable miners are, ZDNet writes that a search on the Shodan search engine shows port 8545 currently open on 4700 devices, most of which run the Geth mining tool and Parity wallets. Although prices were very low at the time of writing this report, the hackers are still trying to steal from users' accounts.
What should be done against these attacks?
As reported before, it is not difficult to protect yourself against these attacks. Work with Ethereum programs only when you fully understand what you are about to do, and read the warning messages the program gives you. If you have a strong reason to enable RPC, secure it with an Access Control List (ACL) or a firewall. Remember that although the cryptocurrency world offers strong security, it can still expose you to the risk of hackers. Users should take these risks seriously and change their mining equipment and wallet settings as soon as possible.
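
One way to check your own host for the exposure described above, as an added example that is not part of the original article: it parses the output of `ss -ltn` and reports every listener on port 8545 that is not restricted to loopback. The sample output and the function names are constructed for illustration.

```python
import ipaddress

RPC_PORT = 8545  # JSON-RPC port named in the article
# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8545      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8545        0.0.0.0:*
LISTEN 0      128    [::]:8545           [::]:*
LISTEN 0      128    192.168.1.20:8545   0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    *:30303             *:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %zone suffix before parsing the address.
    return host.strip("[]").split("%")[0], int(port)

def classify(host):
    """Return 'loopback', 'all-interfaces' or 'specific-address' for a bind host."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-address"

def audit_rpc_listeners(ss_output, port=RPC_PORT):
    """List (local_field, verdict) for listeners on `port` not limited to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header or non-listening socket
        host, lport = split_local(cols[3])
        if lport != port:
            continue
        verdict = classify(host)
        if verdict != "loopback":
            findings.append((cols[3], verdict))
    return findings

if __name__ == "__main__":
    for local, verdict in audit_rpc_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {RPC_PORT} reachable beyond loopback: {local} ({verdict})")
```

Any finding means the interface is bound beyond the local machine and should be rebound to loopback or placed behind the ACL or firewall rule mentioned above.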