Ethereum Pickpockets on the Prowl


Take a look at Ethereum today, and you’ll be hearing sad trombone sounds in your head.

ETH value hasn’t poked its head above the hundred dollar mark since last week, and that’s bad news for anybody who’s short on this classic cryptocurrency.

However, there’s more bad news, and it’s related to the picking of digital pockets.

Reporters following news out of the crypto security community are seeing that a type of scan-and-grab campaign is still underway, in which hackers target mining rigs and wallets to steal Ethereum from holders.

Bad Packets LLC, a cybercrime monitoring firm, is notifying the ETH community that a loss of Ethereum value hasn’t led these bad actors to stop trying to get their hands on the cryptocurrency.

“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day,” Bad Packets co-founder and security researcher Troy Mursch commented this week, according to Cointelegraph.

How does this particular type of theft work?

Hackers look for devices that have an exposed ‘port 8545’ on the Internet.

This port handles the JSON-RPC (JavaScript Object Notation Remote Procedure Call) interface for Ethereum wallets and mining infrastructure. It helps parties look for mining and price information online.

The problem is that, without the right settings, port 8545 might be globally exposed – and without a password in place or a sufficient firewall setup, it may be fairly easy for unauthorized parties to come in and snatch ETH out of wallets.

“It’s easy money for the hacker,” writes Christina Comben at Bitcoinist. “All they have to do is locate the wallet or mining equipment, send the right commands, and remove all the Ethereum from the victim’s address … Ethereum has long been aware of the port 8545 issue … and advised of the danger of using the type of equipment and also let Ethereum users know that this software exposes the API interface to the internet.

“…The warning worked for some time, but memories are short in the crypto-sphere. While plenty of miners and wallet makers either took the appropriate precautions or removed the JSON-RPC interface completely, the effort wasn’t industry-wide.”

Groups like the Cyber Threat Alliance are notifying the public about these types of cryptocurrency fraud and related issues like cryptojacking. Cryptojacking happens when dishonest operators hijack part of a user’s device performance to mine for bitcoin or other coins. CTA points out that both cryptojacking and certain kinds of coin thefts are based on remote control of someone else’s device.

Just as passwords and firewalls help keep malware and Trojans out of home or local wireless networks, Ethereum holders have to look out for specific kinds of digital assault. That means keeping on top of industry standards and recommendations from cyber security experts. As they say, it may be a bit devalued, but Ethereum is still valuable enough to steal.