Ethereum Port 8545 Vulnerability Exploited Again
Another wave of hackers is looking to exploit an older vulnerability found in some Ethereum wallets and client applications.
An old vulnerability in some Ethereum wallets, network clients, and nodes is the target of a new attack attempt by groups of hackers who mass-scan IP addresses to gain access to funds.
Troy Mursch, co-founder of Bad Packets, told ZDNet that these attacks have been going on for more than a week, with some activity detected at the beginning of this month. The methodology used by these hackers involves scanning for devices with port 8545 open, a port commonly associated with Ethereum’s “geth” software.
This port is used by the platform to transfer information about funds and mining. Although geth’s communication is primarily supposed to happen within the confines of a local network, the client itself doesn’t configure port 8545 to be local-only by default.
Many other wallets that are used for Ethereum could have this vulnerability if they keep the same port open. If a hacker finds an entry point, he would be able to gain the information needed to move ETH away from the holder’s address.
A few months ago, this same vulnerability allowed hackers to steal over $20 million in Ether. The same methodology was used as well, including mass-scanning for port 8545.
This happened over a long period that started somewhere in March, when the hackers’ account had only 3.96234 ETH. By June, that number inflated to 38,642.23856.
A view of the wallet address nearly half a year later shows that it now contains a balance of 44,744.38898 ETH, over $4,100,000. Even in a bear market like this, those hackers are making a significant profit.
The last transaction to the aforementioned account happened 16 hours ago at the time this was written, with a sum of less than 0.00001 ETH transferred. Other transactions showed larger sums taken from various wallets, indicating that the attackers are still finding vulnerabilities in funded wallets.