$20 Million Worth of Ethereum Stolen Due to Geth Vulnerability

  • 218
  • 420

While hackers already hunt for ways to steal money, some vulnerabilities further allow them for successful crypto hacks. Recently, experts from Chinese cybersecurity firm Qihoo’s 360 Netlab revealed a massive theft of $20 Million worth of Ethereum by hackers. Apparently, a Geth vulnerability allowed the hackers to make this theft possible from unsafe clients.

Geth Vulnerability Made Ethereum Clients Unsafe

A few months ago, 360 Netlab, a Chinese cybersecurity company, told crypto traders about how a Geth vulnerability could let hackers steal money. The issue affected port 8545 which allowed for a hacker to access Geth clients.

Now, the researchers confirm that their speculation was right. In fact, not only they confirmed the vulnerability, but they also proved its functionality. According to their recent tweet, hackers have already stolen Ethereum from unsecured Geth clients worth $20 million.

Geth is a famous client meant for running full Ethereum nodes that enables the users to manage them remotely through JSON-RPC interface. According to 360 Netlab, Geth by default ‘listens on port 8545’. The hackers, thus, actively look for vulnerabilities in this 8545 port to steal cryptocurrency. Usually, this port is available only locally and is not open to the external internet. Therefore, anyone having this port open publicly is a target for being hacked.

Securing Your Wallets From Hackers

A quick scan of the hacker’s address will let you know the exact amount. When LHN looked over the hackers account (0x957cD4Ff9b3894FC78b5134A8DC72b032fFbC464), the amount stolen seems to have increased further, crossing the amount of Ether reported earlier (38,642.23856 ETH). At the time of writing this article, the hacker’s wallet shows 38,642.68624 ETH as available.

Hacker steal Etheruem from Geth vulnerability

This proves that the hackers are still actively stealing money from unsecured wallets. According to 360 Netlab, you can view these addresses in the payload.

“If you’ve honeypot running on port 8545, you should be able to see the requests in the payload which has the wallet addresses. There are quite a few IPs scanning heavily on this port now.”

The researchers have also disclosed some wallet addresses that supposedly belong to hackers.

Users should only connect with Geth clients from local computers. They can also enable user-authorization for remote RPC connections.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!