From zdnet.com
Hackers have set off in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment, ZDNet has learned today.
The mass-scan campaign has been raging for at least a week, since December 3, Troy Mursch, co-founder of Bad Packets LLC told ZDNet.
Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information.
In theory, this programmatic interface should be only exposed locally, but some wallet apps and mining equipment enable it on all interfaces. Furthermore, this JSON-RPC interface, when enabled, also does not come with a password in default configurations and relies on users setting one.
If the Ethereum wallet or mining equipment has been left exposed on the Internet, attackers can send commands to this powerful interface to move funds from the victim’s Ethereum addresses.