Misfortunate Misconfiguration = Fortune!

Researchers from the Chinese cyber security firm 360 Netlab have discovered that over $20 million worth of Ethereum has been stolen from users running misconfigured Ethereum applications since March of this year. Just to add a little flavor to the conversation, there were only 3.96 Ethereum in the attacker's wallet back then, worth around $2K to $3K (USD).

The misconfiguration in question concerns leaving the Remote Procedure Call (RPC) interface open on port 8545. If you mine Ethereum and are thinking “Hey! The Ethereum Project warned against leaving that port exposed a long time ago!” then CONGRATULATIONS! You win a cookie! If not, you should probably drop what you are doing and go ahead and un-misconfigure your misconfigured configuration.
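The quickest way to know whether you are one of the misconfigured is to look at what your node is actually listening on. The following is an added example, not code from the article or from 360 Netlab: it scans the output of `ss -ltn` (the sample output below is constructed) and flags any listener on port 8545 that is bound to a wildcard or non-loopback address, i.e. one reachable from other hosts. The port set defaults to the 8545 named in the article; everything else here is an assumption of the example.

```python
import ipaddress

# Constructed sample of `ss -ltn` output, shaped like the real tool's table.
# Only the two wildcard-bound 8545 listeners should be flagged.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       128      127.0.0.1:8545       0.0.0.0:*
LISTEN  0       128      0.0.0.0:8545         0.0.0.0:*
LISTEN  0       128      [::]:8545            [::]:*
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096     [::1]:8545           [::]:*
"""

# 8545 is the JSON-RPC port named in the article; callers may pass other ports.
DEFAULT_RPC_PORTS = frozenset({8545})


def parse_local_endpoint(field):
    """Split an `ss` Local Address:Port field into (host, port).

    Handles `127.0.0.1:8545`, `[::]:8545` and `*:8545`; returns None on junk.
    """
    host, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        return None
    host = host.strip("[]")  # drop IPv6 brackets
    return host, int(port)


def is_externally_reachable(host):
    """True when a listener on this address accepts connections from other hosts."""
    if host in ("*", ""):
        return True  # wildcard bind
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # unknown address form: flag it rather than miss it
    # Loopback is the only safe bind; 0.0.0.0 / :: and real interface IPs are exposed.
    return not addr.is_loopback


def find_exposed_rpc_listeners(ss_output, ports=DEFAULT_RPC_PORTS):
    """Return [(host, port), ...] for RPC ports bound to non-loopback addresses."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        endpoint = parse_local_endpoint(fields[3])
        if endpoint is None:
            continue
        host, port = endpoint
        if port in ports and is_externally_reachable(host):
            exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    # On a real host: ss -ltn | python3 this_script.py, reading stdin instead.
    for host, port in find_exposed_rpc_listeners(SAMPLE_SS_OUTPUT):
        print(f"WARNING: JSON-RPC on {host}:{port} is reachable from other hosts")
```

If the script warns, bind the RPC interface to loopback only (for geth, `--rpcaddr 127.0.0.1` in releases current at the time of the article, `--http.addr 127.0.0.1` in later ones) and block the port at the host firewall; a loopback bind is the condition the check treats as safe.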

You can behold the glory of misconfigured misfortune here. Thanks to SCHTASK for the writeup!

Source: [H]ardOCP – Misfortunate Misconfiguration = Fortune!