Beware Ethereum Miners: Hackers Are Out To Get You

If you know how to mine Ethereum and often put your skills to use, you should probably take a crash course in surviving advanced hacker attacks. Research and analysis site ZDNet has recently reported that Ethereum miners have become extremely vulnerable to hackers trying to siphon off their cryptocurrencies.

While hackers usually employ several ingenious ways of stealing people’s assets, they have lately trained their attention on Ethereum miners. They are conducting a humongous scanning campaign to identify and specifically target wallets containing ETH tokens or Ethereum miners who have a crucial security loophole.

According to the report, the cryptocurrency hackers are apparently focusing on robbing those Ethereum wallets and mining hardware that have to pass through devices that have their port 8545. Port 8545 is the normative standard for most devices that have a JSON-RPC interface. Now, the JSON-RPC is basically a programmatic API that can be placed on a locally located device and used to fetch information concerning the mining process.

Earlier, even the developers of the Ethereum network themselves had issued a warning to the miners and other users, cautioning them about the risks of exposing the JSON-RPC Interface while using it alongside the Ethereum protocol’s software or mining hardware. To avoid this problem, users were encouraged to make use of basic safety precautions like using a password and activating a firewall.

Normally, the JSON-RPC Interface doesn’t have a password setting by default and it is imperative for users to take that extra step and assign a password. If the port is left exposed, it serves as an unmanned post that hackers can use for transmitting API commands. This subsequently results in a remote transfer of the crypto holdings connected to that account.

The report additionally notes that developers of Ethereum wallets and producers of miner rigs have issued adequate warnings and now it was up to the users to implement them. Even in a depressing market situation as the one we’re seeing currently has not meant that such scanning campaigns have lessened. If anything, they have increased in number. As Bad Packets LLC co-founder Tony Mursch said that the number of such scanning campaigns this month had become three times that in November, saying:

“Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.”