Ethereum Miners May Be Exposed to a Hacker Mass-Scan Campaign


Think you’re working hard at making an extra income even while prices are down? If you’re not careful and don’t heed the warnings about port 8545, you may just see all your ETH disappear overnight.


According to crypto-jacking and cybersecurity research firm Bad Packets, a mass-scan campaign is active at the moment. Hackers are on the lookout for internet-exposed Ethereum mining equipment and wallets.

Bad Packets Co-Founder Troy Mursch told ZDNet that this scanning campaign has actually been active for over a week, starting on December 3.

Scanning for Exposed Wallets and Mining Equipment

Hackers search the net for any devices that have port 8545 exposed on the internet. If you’re not sure what that is, it’s basically the standard port for the JSON-RPC interface of certain types of Ethereum mining equipment (particularly Geth) and Ethereum wallets.

This JSON-RPC interface is an API that allows locally installed services and apps to find relevant mining and price-related information.

For security reasons, the interface should, in theory, only be locally exposed. However, some mining equipment and wallet apps make it available on all interfaces.

To add insult to injury, many of the JSON-RPC interfaces don’t come with a default password. This means that if the user has failed to set one, the device is completely exposed.

It’s easy money for the hacker. All they have to do is locate the wallet or mining equipment, send the right commands, and remove all the ethereum from the victim’s address.

Port 8545 Is Not a New Problem

Ethereum has long been aware of the port 8545 issue and sent out a warning to all miners using Geth equipment back in 2015. They advised of the danger of using this type of equipment and also let Ethereum users know that this software exposes the API interface to the internet.

They also recommended that users take extra precautions by adding a password or using a firewall to block unwanted incoming traffic for port 8545.
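To check a Linux host for the exposure described above (the JSON-RPC port listening on all interfaces instead of only locally), here is an added example that is not part of the original article. The function reads listener lines in the format printed by `ss -H -ltn` and prints every non-loopback address bound to port 8545; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on the JSON-RPC port that are reachable
# from outside the machine. Input is `ss -H -ltn` style output on stdin.

# Prints one local address per line for every listener on the given port
# (default 8545) that is NOT bound to a loopback address.
find_exposed_rpc() {
    awk -v port="${1:-8545}" '
        $1 == "LISTEN" {
            local_addr = $4                      # e.g. 0.0.0.0:8545 or [::]:8545
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # some other service
            # Everything before the final ":port" is the bind address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            sub(/^\[/, "", addr)                 # strip IPv6 brackets
            sub(/\]$/, "", addr)
            # Loopback bindings are only reachable locally: not exposed.
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print addr
        }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:8545 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8545 0.0.0.0:*
LISTEN 0 128 [::1]:8545 [::]:*
LISTEN 0 128 [::]:8545 [::]:*
LISTEN 0 4096 *:30303 *:*
LISTEN 0 128 192.168.1.20:8545 0.0.0.0:*
EOF
}

# Demo on the constructed sample: prints 0.0.0.0, :: and 192.168.1.20.
sample_listeners | find_exposed_rpc
```

On a real machine, pipe the live listener table in with `ss -H -ltn | find_exposed_rpc`; any line of output means the port is bound beyond loopback and should be rebound locally or firewalled.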

The warning worked for some time, but memories are short in the crypto-sphere. While plenty of miners and wallet makers either took the appropriate precautions or removed the JSON-RPC interface completely, the effort wasn’t industry-wide.

Moreover, there’s more than one way to fall victim to vulnerabilities in the Ethereum network. Just last month, researchers found another major flaw that allowed hackers to drain exchanges by burning their ETH on high transaction costs.

Don’t Let Ethereum’s Tanking Price Deceive You

Back in 2015, hackers scouring for ETH were not so prevalent, but when Ethereum reached giddy heights of over $1,300 in January 2018, plenty of high-profile hacking attacks began coming to light.

Among the worst of these happened in June 2018 when a scanner managed to amass over $20 million worth of Ethereum at the then-price of around $600.

Since the price has tanked with the altcoin seeing some 90% shaved off its value, the port 8545 issue has been buried in the background.

But don’t let the low price deceive you. Even if ETH is trading at less than $100 these days, hackers are indiscriminate. They will still take a small amount from a lot of people and make a large profit over time. Said Mursch:

Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if it’s pennies a day.

According to their Twitter account, Bad Packets found that the scan activity had actually tripled compared to last month despite the rock-bottom price.

It’s thought that around 4,700 devices (most of which are Parity wallets and Geth mining equipment) are currently exposing their port 8545. Worse still? Hackers can even find free tools to exploit this vulnerability and attack Ethereum users through the port.

So if you’ve been lax on your security or focusing all your attention on the price, just remember never to leave your back door (or your port 8545) completely wide open.



Images courtesy of Shutterstock, Bad Packets LLC
