A wallet address associated with hackers that scanned for vulnerable geth clients is now filled with over $20 million in ETH.
Insecurely configured clients running geth, a command-line interface program that runs Ethereum network full nodes, enabled the theft of over $20 million in ETH over the last few months.
This started when a cybersecurity company noticed that hackers were scanning IP addresses to see whether they had port 8545 open. The port is used by geth to communicate with the Ethereum network.
If the hackers found the port open, they could probe it to determine whether the geth client was configured insecurely. Normally, this port is open only locally and not available to the external internet.
Those who allowed the port to be open to the public, however, weren’t so lucky.
When 360 Netlab made the announcement, the hackers had only managed to get their hands on 3.96234 ETH.
Our latest scan of the hackers’ wallet address shows that they now hold 38,642.23856 ETH. That amounts to $20.2 million, all because an alarming number of users are unaware that geth should listen on port 8545 only on “localhost,” or IP 127.0.0.1.
We suggest that anyone running geth right now should do two things: Make sure that your listener is only listening locally, and change the port to something else to ensure you won’t be picked up by scanners.
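Both checks can be applied to the command line a node is started with. The following is an added example, not code from the article or from the geth project: it audits a geth argument list using geth's legacy (`--rpc`, `--rpcaddr`, `--rpcport`) and current (`--http`, `--http.addr`, `--http.port`) JSON-RPC flag names, and assumes geth's defaults of localhost and port 8545. The helper names and the two sample command lines are constructed for illustration.

```python
import ipaddress

# geth's HTTP JSON-RPC flags: legacy names (--rpc*) and current names (--http*).
ENABLE = {"--rpc", "--http"}
ADDR = {"--rpcaddr", "--http.addr"}
PORT = {"--rpcport", "--http.port"}
DEFAULT_PORT = 8545  # assumed geth default; default bind address is localhost

def is_loopback(host):
    """True only if the bind address is provably local to the machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: cannot prove it is local

def audit_geth_args(argv):
    """Return a list of findings for one geth command line (list of strings)."""
    enabled, addr, port = False, "localhost", DEFAULT_PORT
    args = iter(argv)
    for arg in args:
        name, sep, value = arg.partition("=")  # accepts --flag=value
        if name in ENABLE:
            enabled = True
        elif name in ADDR or name in PORT:
            if not sep:                        # accepts --flag value
                value = next(args, "")
            if name in ADDR:
                addr = value
            else:
                port = int(value)
    if not enabled:
        return []  # RPC listener is off, nothing to expose
    findings = []
    if not is_loopback(addr):
        findings.append(f"RPC listener bound to {addr}: reachable from other hosts")
    if port == DEFAULT_PORT:
        findings.append(f"RPC on default port {DEFAULT_PORT}: picked up by scanners")
    return findings

# Constructed sample command lines, not taken from the article.
EXPOSED = ["geth", "--rpc", "--rpcaddr", "0.0.0.0"]
HARDENED = ["geth", "--http", "--http.addr=127.0.0.1", "--http.port=18545"]

if __name__ == "__main__":
    for cmd in (EXPOSED, HARDENED):
        print(" ".join(cmd), "->", audit_geth_args(cmd) or "ok")
```

An empty result means the listener is either disabled or bound to loopback on a non-default port; a firewall rule on the host is still worth having as a second layer.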
We’re barely at the middle of the year, and in April we found that over half a billion dollars in cryptocurrency had gone to hackers.
Remedying this situation should be, by far, one of the top priorities for any developer making applications that operate on cryptocurrency blockchains. One bad application could undo the trust that millions of people have in the coins they’ve invested in, further driving down the price and market capitalization of the entire ecosystem.