main page > Blog >

 

Ethereum Wallet/Mining Client Vulnerability - AMLT Crypto Alert of the Week

Dec 20, 2018

about us

A recognised leader in their field and ranked among the most influential and regtech companies, Coinfirm serves as a foundation for the safe adoption and use of blockchain.


follow us

Welcome to week 19 of the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high profile frauds/hacks etc that recently happened and have been reported into the AMLT Network and show how the AMLT Network can help track and prevent it in the future.

Some attack vectors, especially those based on software interdependencies are incredibly tough to root out, even when most of the industry is aware of them. The latest example of that is an old Ethereum wallet/mining client vulnerability that has once again resurfaced and lets hackers steal all the victim's funds.

The first reports of hackers looking for vulnerable clients go more than a year back, the target being any crypto-related machine that has an exposed port 8545. The port is a default one used by a JSON-RPC interface. The API – used to query for mining and wallet related information, should be only reachable locally, unfortunately some software is left misconfigured, leaving them exposed.
(example of a scanning request pictured below).

Recent reports have indicated that such requests have again started spiking. The
root of the exploit lies in the unconfigured Geth interface, which doesn’t come with a password by default. That means, if the API is exposed to others, anyone can just send commands to it and easily withdraw all the funds.

Despite Ethereums price being so low at this time of the year, the ease of this attack has, once again, brought in many hackers looking for potential victims with the amount tripling in last two weeks. That isn’t all that surprising since the richest account related to such hacks has amassed nearly 45,000 ETH, which amounts to over 4 million dollars even with current exchange rates.

At Coinfirm and the AMLT Network, we believe in setting the highest standards for the industry. If anyone notices such an attack, they can report the attacker through the AMLT panel or widget. The submitted data is then analyzed and processed by our data science team for validation of submitted data. Once flagged entities using the Coinfirm AML Platform such as exchanges can see the source and potentially freeze the funds and prevent further risk spreading through the ecosystem. This helps the crypto economy become safer and more transparent while fighting malicious actors. Below you can find a Coinfirm AML Risk Report for the Geth hackers address after data submission and verification by the AMLT Network. Now any entity using the Coinfirm AML Platform can not only avoid the risk associated with this address but also help stop the further spread of it.

If you're interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!

Thank you for your continued support and make sure to follow all of our latest updates on Twitter, Facebook, LinkedIn and Telegram Community.

Sincerely,
The AMLT Team