🎂 Turned 31 this year? Get health insurance before your price rises.
Get cover

$20 million stolen from misconfigured Ethereum apps

Andrew Munro 14 June 2018 NEWS

Wherever there are users, there will be user error. With cryptocurrency, those errors can be expensive.

The owner of this Ethereum wallet discovered one simple trick to become a multimillionaire in about four months. At current prices, that wallet holds almost $19 million worth of Ether, stolen from misconfigured Ethereum apps, according to cybersecurity company 360 Netlab.

It's made this money from scanning the Ethereum network for vulnerable Geth (Ethereum mining) clients. It's pulled in a fair amount over the years, but hit paydirt in March 2018, after it started scanning for exposed Remote Procedure Call (RPC) on port 8545. This RPC is used to give approved third-party services access to data, so it's potentially able to transmit some fairly sensitive information like private keys, personal data or to move funds. As such, it usually comes disabled by default and gives a warning when turned on.



But that apparently hasn't stopped people from leaving it open or unknowingly opening it up while tinkering.

It only had about four Ether back in March, but since then it has managed to pull in plenty more. Most of the transfers going into the wallet are relatively small amounts, but they roll in constantly, and occasionally it hits a big payday. These big paydays make up the bulk of the earnings.

This scanner's success has attracted others to the same port, and right now any exposed port is probably going to get snapped up quickly.

"If you have honeypot running on port 8545, you should be able to see the requests in the payload, which has the wallet addresses," the Netlab team said. "And there are quite a few IPs scanning heavily on this port now."


Similar scans go on all the time, and other cryptocurrency networks also get trawled by scanners looking to find someone who accidentally left a door open.

Similar scans, looking for vulnerabilities, are going on all the time on the Internet, but cryptocurrency has given them a new twist. Traditionally, these would just be looking for passwords, personal information and whatever other low-value data someone can get their hands on.

But digital currencies present an opportunity for someone to pick up money directly, making them a much more popular target for tech-savvy thieves. With $20 million of Ether in just a few months, at least one thief has found the exercise well worth it.

Cryptocurrency is a brand new way of tying money and the Internet together, but user error is timeless and continues to be very expensive.


Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and XRB.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms and Conditions and Privacy Policy.
Ask a question
Go to site