Incicent


Summary

The hack that occurred on 12/05/2016 to steal 7,218 ethers from Patrick only affects miners where:

The hacker sent a continuous stream (every 2 seconds) of sendTransaction(...) request to Patrick's IP address on port 8545, and this request was forwarded to the geth instance. When Patrick used the Ethereum Wallet to send a transaction, the Ethereum Wallet unlocked Patrick's account for 2 seconds and the hacker's transaction succeeded in moving Patrick's ethers to the hacker's account.

For more details see the original Stackexchange post

Advice

This advice covers only a subset of possible attack vectors. For more, see the original Stackexchange post

1. Never turn on RPC on hot wallets. Even with IP and CORS limited to localhost. Just don't.

geth # rpc is disabled by default
eth # rpc is disabled by default
parity # rpc is disabled by default

2. Never turn on IPC on a machine you don't feel you have complete control about the security. Or use parity.

geth --ipcdisable # ipc is enabled by default, turn it off
geth --no-ipc # ipc is enabled by default, turn it off
parity # parity has not ipc (yet)

3. Don't use accounts to store huge amounts of ether. Use multisignature contracts.
4. Don't use online computers to store huge amounts of ether. User air gapped machines or paper wallets.