Misconfigured Ethereum clients: this vulnerability has been exploited to steal the equivalent of 20 mln USD from the Ethereum network. The hackers configured the network interface to expose a remote procedure call (RPC) interface, which lets third parties access the clients' private keys and information.
Most clients disable this interface by default, and those that enable it accept connections only from applications running on the same machine. However, if one knows how to exploit it, the results speak for themselves. The Ethereum project developers have known about this vulnerability for a long time, so the network is usually configured to keep this option available only to applications that run locally; nevertheless, many developers re-configure the option without even knowing it.
According to a report by the network security company Qihoo 360 Netlab, mass scans were identified for exposed software with an RPC interface on port 8545. At the time, the actor's account did not hold much money, just around 2000 to 3000 USD, but that is free money!
On the 11th of June, after reviewing the research, the Netlab team reported that the port is still exposed, but the number of actors has increased. For now, the amount of siphoned ether equals 18.1 mln USD. Free money!
Neither the Ethereum developers nor Vitalik Buterin have commented on the situation yet.
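As an added example (not part of the original report, and not Netlab's or the Ethereum project's code), the following Python script shows the kind of check a node operator can run to catch the misconfiguration described above before a scanner does: it reads the effective HTTP-RPC settings from a geth command line and reports when the interface is bound to a non-loopback address, when privileged API namespaces such as `personal` are enabled, or when CORS is open to any origin; a second function scans `ss -lnt` output for port 8545 listening on a non-loopback address. The geth flag names are the client's real ones (the older `--rpc*` spelling and the newer `--http*` spelling); the command lines and the socket listing are constructed samples.

```python
import shlex
from typing import Dict, List, Union

# Addresses that keep the RPC reachable only from the same machine.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Namespaces that let a caller act on the node's keystore or internals;
# 'personal' in particular can unlock accounts and send from them.
PRIVILEGED_APIS = {"personal", "admin", "debug", "miner"}

# geth's older --rpc* flags and newer --http* flags mapped to one setting name.
FLAG_ALIASES = {
    "--rpc": "enabled", "--http": "enabled",
    "--rpcaddr": "addr", "--http.addr": "addr",
    "--rpcport": "port", "--http.port": "port",
    "--rpcapi": "api", "--http.api": "api",
    "--rpccorsdomain": "cors", "--http.corsdomain": "cors",
}

# geth's documented defaults when the HTTP server is enabled.
DEFAULTS: Dict[str, Union[bool, str, int]] = {
    "enabled": False, "addr": "localhost", "port": 8545, "api": "eth,net,web3", "cors": "",
}


def parse_geth_cmdline(cmdline: str) -> Dict[str, Union[bool, str, int]]:
    """Return the effective HTTP-RPC settings from a geth command line.

    Accepts both '--flag value' and '--flag=value' forms; unknown flags are ignored.
    """
    settings = dict(DEFAULTS)
    args = shlex.split(cmdline)
    i = 0
    while i < len(args):
        key, _, inline_value = args[i].partition("=")
        name = FLAG_ALIASES.get(key)
        if name is None:
            i += 1
            continue
        if name == "enabled":
            settings["enabled"] = True
            i += 1
            continue
        if inline_value == "":              # value is the next token
            i += 1
            inline_value = args[i] if i < len(args) else ""
        settings[name] = int(inline_value) if name == "port" else inline_value
        i += 1
    return settings


def audit_rpc_settings(settings: Dict[str, Union[bool, str, int]]) -> List[str]:
    """Return human-readable findings for a parsed settings dict (empty list = nothing to fix)."""
    findings: List[str] = []
    if not settings["enabled"]:
        return findings
    if settings["addr"] not in LOOPBACK:
        findings.append(
            f"HTTP-RPC bound to {settings['addr']}:{settings['port']} (reachable beyond localhost)")
    exposed = PRIVILEGED_APIS & {a.strip() for a in str(settings["api"]).split(",")}
    if exposed:
        findings.append(f"privileged API namespaces enabled: {', '.join(sorted(exposed))}")
    if settings["cors"] == "*":
        findings.append("CORS allows any origin, so a web page in a local browser can reach the RPC")
    return findings


def find_exposed_rpc_sockets(ss_output: str, port: int = 8545) -> List[str]:
    """Return 'Local Address:Port' entries from `ss -lnt` output where `port` listens on a non-loopback address."""
    exposed: List[str] = []
    for line in ss_output.splitlines()[1:]:        # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        local = cols[3]
        host, _, lport = local.rpartition(":")
        if lport != str(port):
            continue
        host = host.strip("[]")                     # IPv6 addresses are bracketed
        if host not in LOOPBACK:
            exposed.append(local)
    return exposed


# Constructed samples: a weak command line, a corrected one, and an `ss -lnt` listing.
WEAK_CMDLINE = "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,net,web3,personal --rpccorsdomain '*'"
HARDENED_CMDLINE = "geth --http --http.addr=127.0.0.1 --http.api=eth,net,web3"
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       4096    127.0.0.1:8545      0.0.0.0:*
LISTEN  0       4096    0.0.0.0:30303       0.0.0.0:*
LISTEN  0       4096    [::]:8545           [::]:*
"""

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK_CMDLINE), ("hardened", HARDENED_CMDLINE)):
        print(label, audit_rpc_settings(parse_geth_cmdline(cmd)) or ["no findings"])
    print("exposed sockets:", find_exposed_rpc_sockets(SAMPLE_SS_OUTPUT))
```

On a live host, feed `find_exposed_rpc_sockets` the real output of `ss -lnt`: the command-line audit only tells you what the operator intended, while the socket listing shows what is actually reachable, and the two disagree exactly when someone has re-configured the option "without knowing it".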