Even though the Ethereum project issued a warning in August 2015, many users have still fallen prey to hackers using old tricks to steal large amounts of Eth. The most recent theft amounted to a staggering $20 mln worth of Eth, reports said on June 11.
The hackers were able to steal that amount of Eth by accessing applications built on Ethereum software that had configured their interface to expose a Remote Procedure Call (RPC) interface. This interface permits third parties to query, interact with, and obtain data from the service. Simply put, anyone who can get access to the interface could obtain private keys, view the owner's hidden information and, as many have dreaded, transfer funds.
Most applications turn this interface off by default, and even when it is on, it is meant to accept requests only from applications that are run locally. Or so it should. In the case of Ethereum, however, developers do not always configure it that way.
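The local-only expectation described above can be checked on a node's own launch command. This is an added example, not code from the article or from the Ethereum project; it assumes the node is Go Ethereum (geth), which the article does not name, and the command lines in `SAMPLES` are constructed.

```python
import ipaddress
import shlex

# geth flag that enables a listener -> flags that set its bind address
# (legacy and current spellings). geth binds to localhost when none is given.
LISTENERS = {"--rpc": ("--rpcaddr",), "--http": ("--http.addr",),
             "--ws": ("--wsaddr", "--ws.addr")}

def parse_flags(cmdline):
    """Return {flag: value} for '--flag value', '--flag=value' and bare '--flag'."""
    tokens, flags, i = shlex.split(cmdline), {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
                name, value = tok, tokens[i + 1]
                i += 1
            else:
                name, value = tok, ""
            flags[name] = value
        i += 1
    return flags

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unresolved hostname: treat as exposed until verified

def audit(cmdline):
    """List findings for RPC listeners that accept non-local clients."""
    flags, findings = parse_flags(cmdline), []
    for enable, addr_flags in LISTENERS.items():
        if enable not in flags:
            continue
        addr = next((flags[f] for f in addr_flags if f in flags), "localhost")
        if not is_loopback(addr):
            findings.append(f"{enable} listener bound to {addr}: not local-only")
    apis = (flags.get("--rpcapi", "") + "," + flags.get("--http.api", "")).split(",")
    if findings and "personal" in [a.strip() for a in apis]:
        findings.append("personal (account) API offered on a non-local listener")
    return findings

SAMPLES = [  # constructed launch commands
    "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,personal",
    "geth --http --http.addr 127.0.0.1",
    "geth --rpc",
    "geth --ws --ws.addr=10.0.0.5",
]
```

An empty result from `audit` means every enabled listener is bound to loopback; it says nothing about proxies or port forwards in front of the node.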
Interestingly, Qihoo 360 Netlab, a Chinese cybersecurity firm, observed in March at least one 'threat actor' running a massive scan for compromised Ethereum software with RPC interfaces. 360 Netlab tweeted that, so far, the said threat actor had already gotten "3.96234 Ether on its account."
Furthermore, the cybersecurity firm concluded that the scans continued until June 11. Not only did they continue, but it seems that more 'threat actors' joined the fray, nabbing 38,642.7 Ethers ($18 mln).
The Ethereum team has yet to comment on the issue.