Report: Misconfigured Ethereum Clients Have Resulted in Hack of Around $20 Mln

About $20 mln worth of Ethereum has reportedly been stolen by a group of hackers exploiting misconfigured Ethereum clients, according to a Bleeping Computer article published June 11.

The hackers were able to access applications built on the Ethereum software whose Remote Procedure Call (RPC) interface had been configured to be exposed. The RPC interface allows third parties to query, interact with, and retrieve data from the Ethereum-based service, meaning those with access could obtain private keys, see the owner’s personal information, and even move funds.

Most apps disable this interface by default, and even when it is turned on, it is usually configured to accept connections only from apps running locally. However, developers do not always keep this configuration and sometimes reconfigure their Ethereum clients without knowing the danger.
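The misconfiguration described above is visible in how the client is started: whether the HTTP JSON-RPC server is enabled, which address it is bound to, and which API namespaces it serves. The following is an added example, not code from the article or from the Ethereum project, that audits a geth-style command line for exactly those settings. It assumes the geth flag names (`--http`, `--http.addr`, `--http.api`, and the older `--rpc`, `--rpcaddr`, `--rpcapi` spellings) and geth's documented defaults of binding to `localhost` with the `eth,net,web3` namespaces; the sample command lines are constructed for illustration.

```python
"""Audit a geth-style command line for an exposed JSON-RPC interface (added example)."""
import shlex
from ipaddress import ip_address

# Namespaces that give key or fund access when reachable over the network
# (geth namespace names; "personal" exposes account unlocking, "admin" node control).
SENSITIVE_APIS = {"personal", "admin", "miner", "debug"}
# Flag spellings: newer geth releases use --http*, older releases used --rpc*.
ENABLE_FLAGS = ("--http", "--rpc")
ADDR_FLAGS = ("--http.addr", "--rpcaddr")
API_FLAGS = ("--http.api", "--rpcapi")
# geth defaults (assumed from its documentation): loopback bind, read-mostly namespaces.
DEFAULT_ADDR = "localhost"
DEFAULT_APIS = "eth,net,web3"


def parse_flags(cmdline):
    """Map each --flag to its value; True when the flag takes no value."""
    tokens = shlex.split(cmdline)
    flags = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:                       # --flag=value form
                name, value = tok.split("=", 1)
                flags[name] = value
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                flags[tok] = tokens[i + 1]       # --flag value form
                i += 1
            else:
                flags[tok] = True                # bare boolean flag
        i += 1
    return flags


def is_loopback(addr):
    """True if the bind address only accepts connections from the local host."""
    if addr == "localhost":
        return True
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def first_value(flags, names, default):
    """Return the value of the first flag spelling present, else the default."""
    for name in names:
        if name in flags and flags[name] is not True:
            return flags[name]
    return default


def audit_rpc(cmdline):
    """Return (severity, message) findings for the RPC configuration in cmdline."""
    flags = parse_flags(cmdline)
    if not any(f in flags for f in ENABLE_FLAGS):
        return []  # HTTP JSON-RPC server not enabled: nothing is listening
    addr = first_value(flags, ADDR_FLAGS, DEFAULT_ADDR)
    apis = {a.strip() for a in first_value(flags, API_FLAGS, DEFAULT_APIS).split(",")}

    findings = []
    exposed = not is_loopback(addr)
    risky = sorted(apis & SENSITIVE_APIS)
    if exposed:
        findings.append(("HIGH", f"HTTP RPC bound to {addr}; reachable from other hosts"))
    if risky:
        # A sensitive namespace is critical only when the port is also network-reachable.
        severity = "CRITICAL" if exposed else "MEDIUM"
        findings.append((severity, f"sensitive namespaces enabled over RPC: {', '.join(risky)}"))
    return findings


if __name__ == "__main__":
    # Constructed sample command lines: the hardened form beside the weak one.
    samples = {
        "hardened": "geth --datadir /data --http --http.addr 127.0.0.1 --http.api eth,net,web3",
        "exposed":  "geth --datadir /data --http --http.addr=0.0.0.0 --http.api eth,personal,admin",
    }
    for label, cmd in samples.items():
        print(label, audit_rpc(cmd) or "no findings")
```

The check mirrors what an operator should verify on a live node as well: confirm with `ss -ltn` (or `netstat`) that port 8545 is bound to a loopback address, and keep `personal` and `admin` out of the HTTP API list unless the port sits behind a firewall and authenticated proxy.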

The Ethereum project has long known about the potential for exploiting this vulnerability and sent out an official security advisory as a warning to its users back in August 2015, indicating that the likelihood of an attack was low, but its potential severity was high…
