A Chinese company Qihoo 360 which specializes in cyber security announced that unknown people managed to hack some of the apps based on Ethereum and illegally transfer $20 million worth of this cryptocurrency to their digital wallet.
According to the company, the attempts to conduct such kind of an attack have begun earlier this years. The criminals were surfing the Internet looking for vulnerable Ethereum-based apps and mining equipment. However, back in March, they only managed to stole around 4 ETH. This time the sum jumped up to almost 40k ETH, which is 20.5 million in US dollars.
Remember this old twitter we posted? Guess how much these guys have in their wallets? Check out this wallet address https://t.co/t4qB17r97J $20,526,348.76, yes, you read it right, more then 20 Million US dollars https://t.co/SXHrdTcb6e
— 360 Netlab (@360Netlab) June 11, 2018
The attackers took advantage of unsecured Remote Procedure Call interfaces of some apps. RPC can give access to some personal information, like wallet address, using an API, that is why most apps tend to turn it off to secure the users and their money. Apparently, there were still some apps which had it, and the hackers immediately found this vulnerability.
Later on, Qihoo 360 published addresses of the wallets used by the hackers to steal the money.
Hackers have been using the following wallet addresses (among others) to steal Ethereum from misconfigured ethereum clients. (sorry have to use screenshot due to twitter's character limit) pic.twitter.com/YDxvrD801L
— 360 Netlab (@360Netlab) June 12, 2018
Hacker attacks are getting more frequent and well-planned almost on a daily basis. We would like to remind you that $152 thousand was stolen from the users of MyEtherWallet not so long ago. With the situation worsening, cryptocurrency holders should be extremely careful, while developers and companies should be definitely updating and strengthening their security systems.
Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/