Someone’s scanning EOS nodes for accidentally exposed private keys
Someone's wandering around EOS, looking for anyone who has left their keys hanging in the open.
It's generally a good idea to have a solid grasp of the technicals if you want to run a node, program blockchain machinery like wallets, or otherwise go deep. An ongoing scan of EOS nodes, by an unknown potential attacker, shows why.
GreyNoise Intelligence has found someone scanning EOS nodes in search of one very specific vulnerability.
What they're looking for
This scan is based on a GitHub issue posted about a week ago, which reported that the "/v1/wallet/list_keys" endpoint, the one the scanner is targeting, might reveal private keys.
The unknown scanner will most likely come up empty-handed. The function was simply intended for ease of testing rather than use in a live environment, so anyone who's vulnerable to that particular issue has made a big mistake somewhere down the line or copy-pasted code a little too carelessly.
This potential vulnerability isn't a flaw in EOS, so much as a specific form of user error. It's much like how most home burglaries begin with someone wandering around looking for open windows and unlocked doors.
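Node operators who want to know whether this probe has reached their own machine can search their HTTP access log for requests to the path named above. The following is an added example, not code from this article, GreyNoise or EOS; it assumes the node's API sits behind a reverse proxy that writes nginx-style "combined" log lines, and every sample line and address in it is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in nginx "combined" format (assumption: the node's
# HTTP API is fronted by a reverse proxy that logs in this format).
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2024:10:01:12 +0000] "POST /v1/wallet/list_keys HTTP/1.1" 200 64 "-" "curl/7.58.0"
198.51.100.23 - - [01/Jan/2024:10:02:40 +0000] "POST /v1/wallet/list_keys HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [01/Jan/2024:10:03:05 +0000] "GET /v1/chain/get_info HTTP/1.1" 200 512 "-" "-"
203.0.113.77 - - [01/Jan/2024:10:04:51 +0000] "POST /v1/wallet/list_keys?x=1 HTTP/1.1" 200 187 "-" "-"
203.0.113.77 - - [01/Jan/2024:10:04:52 +0000] "POST /v1/wallet/list_keys/ HTTP/1.1" 200 187 "-" "-"
garbage line that does not parse
"""

# client, ident, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TARGET = "/v1/wallet/list_keys"  # the path named in the article


def is_external(addr):
    """True unless the client address is loopback (local testing traffic)."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparseable client field: treat as untrusted


def find_probes(log_text):
    """Return {source: {"probed": n, "answered": n}} for non-loopback requests."""
    hits = defaultdict(lambda: {"probed": 0, "answered": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, _method, target, status = m.groups()
        # Drop the query string and a trailing slash so trivial variants match.
        path = target.split("?", 1)[0].rstrip("/")
        if path != TARGET or not is_external(src):
            continue
        hits[src]["probed"] += 1
        if status.startswith("2"):  # 2xx: the wallet endpoint actually responded
            hits[src]["answered"] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, c in sorted(find_probes(SAMPLE_LOG).items()):
        verdict = "ENDPOINT ANSWERED" if c["answered"] else "probe only"
        print(f"{src}: {c['probed']} request(s), {c['answered']} answered -> {verdict}")
```

A source with a non-zero "answered" count means the wallet endpoint was reachable from outside, which is the mistake the article describes; a "probe only" source is just the background scanning.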
It's not related to the recently discovered, quickly repaired and incredibly devastating EOS vulnerability, which actually was an issue with EOS itself.
It's interesting to note that this shows attackers are delving into GitHub looking for exploitable bugs, although it's reassuring that it took them about a week to get around to it and that they'll most likely come up empty-handed. It might be worth a shot though. Everyone makes mistakes, and if they get lucky, there's a potential for a big payday at the end of the scanning.
These kinds of scans aren't unique to EOS, or even to blockchain technology. Rather, they're more like the constant background noise of the Internet. Attackers are constantly scanning ports across the Internet looking for vulnerabilities and any opportunity to pick up any kind of potentially profitable information.
"Honeypot" ports around the Internet are constantly subjected to these kinds of probes, although cryptocurrency networks tend to be probed more hungrily than the Internet as a whole. This is probably because vulnerabilities on a blockchain might lead an attacker to a huge payday, rather than just some dusty old passwords or a backdoor into an abandoned website or something.
These EOS scans probably aren't anything to worry about. For those who do need to worry, it's probably already too late.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, BTC and NANO.