Despite the massive plunge in the prices of cryptocurrencies, hackers continue to attack wallets and mining rigs, especially that of Ethereum. This is according to a report by tech-based news outlet ZDnet. Hackers are looking to make money from cryptocurrencies before price plunge even lower.
Hackers increase effort on Ethereum mining rigs and wallets
According to the report, hackers have been running a mass-scan campaign for more than a week now. The scanning network deployed by the hackers have been designed to target specifically Ethereum wallets and mining hardware.
Hackers are scanning for devices with port 8545 exposed online. These ports are the standard ones attached to the JSON-RPC interface of many Ethereum wallets and mining equipment. The API interface for the mining hardware and wallets makes it possible for locally installed apps and services to scan for Ethereum funds and other mining data.
There are some wallets and mining hardware that aren’t very secure and they leave this interface exposed publicly. Once the port has been compromised, hackers can use them to steal funds from Ethereum wallets and miners.
The report stated that “If the Ethereum wallet or mining equipment has been left exposed on the Internet, attackers can send commands to this powerful interface to move funds from the victim’s Ethereum address.”
Apparently, the problem with port 8545 has been around for a while. In August 2015, Ethereum sent out a security advisory to all Ethereum users enlightening them about the risks and dangers involved in using the mining equipment. Ethereum back then advised its users to take precautions by either adding a password on the interface or they can make use of a firewall which would filter incoming traffic for port 8545.
With the risk becoming more apparent, several mining rig vendors have followed the advice of Ethereum and taken steps to eliminate the problem. They have removed the interface altogether while some have decided to limit the usage of port 8545. Despite those efforts, numerous vulnerable Ethereum clients are still available online and hackers seem to be increasing their scan.
Chinese cyber-security firm Qihoo 360 Netlab reported that a group stole more than $20 million in Ethereum at July’s exchange rate. Research companies are now of the view that scans and attacks by hackers would increase once the bear market is over and cryptocurrency prices rise again.
ZDNet revealed that scan activity has tripled over the past week. They further stated that roughly 4,700 devices, mostly Geth mining equipment and Parity wallets have been affected and are exporting their 8545 port. Despite the drop in cryptocurrency prices, hackers have been seeking ways to grab some free loot.