Hackers are looking for any device on the network whose port 8545 is not protected from scanning on the Internet. Port 8545 is a standard port for the JSON-RPC interface of certain types of Ethereum mining equipment (in particular, Geth) and Ethereum wallets.
This JSON-RPC interface is an API that allows locally installed services and applications to find the relevant mining and price information.
For security reasons, the interface, in theory, should only be available locally. Nevertheless, some mining equipment and wallet applications make it accessible to all interfaces.
Many JSON-RPC interfaces do not have a default password. This means that if the user has not installed it, the device will be completely open.
This is a very easy prey for a hacker. All they need to do is to find a wallet or mining equipment, send the right commands and remove all Ethereum from the victim’s address.
They also recommended that users take extra precautions by adding a password or using a firewall to block unwanted incoming traffic for port 8545.
The warning worked for some time, but the memory in the cryptocurrency space is short. Despite the fact that many miners and purse manufacturers used appropriate precautions or completely removed the JSON-RPC interface, these efforts were not across the industry.
Back in 2015, hackers did not target Ethereum and the attacks were not so common, but when the cryptocurrency reached its maximum value of $ 1,300 in January 2018, loud hacks began to appear in this way.
As the price of altcoins fell by about 90%, the problem of port 8545 receded into the background.
But don’t let the low price fool you. Even if ETH is trading for less than $ 100, hackers are on the alert. They will still take small amounts from a large number of people and make large profits over time.
Troy Marsh said:
Despite the fact that cryptocurrencies fall in price, easy money remains so, even if it is a penny a day.
According to Twitter, Bad Packets found that hacker activity actually tripled compared to last month, despite the price that went down.
It is estimated that approximately 4,700 mining devices (most of which are used by Parity and Geth clients) currently have port 8545 unprotected. Worse, hackers can even find free tools to exploit this vulnerability and attack Ethereum users through this port.
So, if you didn’t know anything or focused all your attention on price, just remember: never leave your door (or your port 8545) completely open.