Incorrectly configured EOS nodes …
Misconfigured EOS nodes can transfer private keys to the network
Attackers are scanning the Internet for EOS nodes that might be distributing their private keys due to a misconfigured API, writes Bleeping Computer.
As GreyNoise reported, the scan started on Tuesday and all suspicious activity comes from the IP address 18.104.22.168.
The scanning began a few hours after the publication of the material by the Chinese company Qihoo 360, which reported a “series of grandiose vulnerabilities” in the EOS software, allowing remote code execution on nodes and causing a number of undesirable consequences, but the latest attack seems to be related to this message does not have.
However, it is directly related to a report published a week ago on GitHub, which refers to an issue in the EOS RPC API endpoint leading to the disclosure of private keys of EOS accounts..
According to a report on GitHub, there is no authentication system that protects the endpoint of this API, and information is transmitted to the network through the public interface of the EOS nodes..
Obviously, the organizer of the attack read the report on GitHub and is now trying to find nodes whose owners did not take the necessary measures to ensure their security..
However, the situation is not as critical as it might seem. As reported by one of the EOS developers, this API endpoint is not a standard element of the EOS API and is only included in the wallet_plugin file. This plugin is used for testing, that is, in practice, a very small number of nodes will use it with a direct connection to the Internet, and, as a rule, it does not run on production nodes.
In any case, all EOS node owners who have not yet done so should disable the plugin on their worker nodes and use a different method to handle private keys..
Earlier, the EOS developers announced that they had fixed the vulnerability discovered by Qihoo 360, adding that it was not as serious as the Chinese company wrote about it..
China is experiencing a sixfold increase in the number of firms in which names appear “blockchain” According to the South China Morning Post, in China…
Hardware wallet maker Legder raises $ 75 million in funding French company Legder, which produces hardware wallets for…
Winklevoss Brothers Launch USD-Backed Ethereum Token NYS Department of Financial Services has approved Gemini Trust’s request for…
Fidelity Investments may launch crypto products before the end of the year Fidelity Investments CEO Abigail Johnson announced that her company is working on…
The Monero community is watching the hard fork with bated breath The controversial hard fork of the anonymous cryptocurrency Monero was initiated this night, but…