Hackers have devised a new method to steal encryption currency. This time, they are large-scale scanning activities, has selected the specific vulnerability of the etheric Fang wallet and miners.
According to ZDNet reports, the encryption target for hackers is Etherum wallet and mining equipment with exposure to port 8545 of the equipment, this is the standard port JSON-RPC interface in the local device programming API, can be used to query related information mining.
The etheric Fang developers warned users exposed dangerous JSON-RPC interface in the use of mining equipment and Ethernet Fang software, indicating that the user interface to enable the password or activate the firewall to filter into the easy Internet traffic attack port.
According to the design, the JSON-RPC interface does not have a default password. It depends on the user to set a, they rarely do so. For the port on the Internet exposure of the etheric Fang purse or mining equipment, hackers can send API commands and remote transfer of funds from the wallet.
The report pointed out that the mining rig manufacturer and etheric Fang developers have done some work in the wallet, you need to add a password to restrict this problem caused by damage to warn the user interface. Other people have completely eliminated the extreme line interface, but because this is not a unity of effort, the problem still exists.
Although there are a large number of Ethernet Fang scanning activities in the past two years, but this is the first report of scanning bear. In fact, the report quoted Bad Packets LLC co-founder Tory Mursch, he told the news media, scanning activities in December an increase of more than two times a month on price stability.
“Although encryption currency prices rushed to the gutter, but free money is still free, even if it is a day of penny.”
Let these incredible people can scan through the exposed port 8545 for the development of Ethernet client tools required by how easy it is to. According to the report, more than 4700 sets of equipment (mainly by Geth mining equipment and Parity wallet) is one of the most vulnerable equipment will be their interface exposed to the intruder.
Last year, hackers through a loophole Parity popular multi signature wallet stole $32 million Ethernet, led to the development of team instructions holding Parity ETH users wallet customers to transfer their money safe.