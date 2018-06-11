Hackers Stole Over $20 Million From Misconfigured Ethereum Clients (bleepingcomputer.com) 20
Catalin Cimpanu, writing for BleepingComputer: A group of hackers has stolen over $20 million worth of Ethereum from Ethereum-based apps and mining rigs, Chinese cyber-security firm Qihoo 360 Netlab reported today. The cause of these thefts is Ethereum software applications that have been configured to expose an RPC [Remote Procedure Call] interface on port 8545. The purpose of this interface is to provide access to a programmatic API that an approved third-party service or app can query and interact or retrieve data from the original Ethereum-based service -- such as a mineror wallet application that users or companies have set up for mining or managing funds. Because of its role, this RPC interface grants access to some pretty sensitive functions, allowing a third-party app the ability to retrieve private keys, move funds, or retrieve the owner's personal details.
