The hack that occurred on 12/05/2016 to steal 7,218 ethers from Patrick only affects miners where:

- geth is running with the --rpc parameter enabled; and
- the Ethereum Wallet is running on the same machine and is used to send a transaction, which requires the geth account to be unlocked for a 2 second period.

The hacker sent a continuous stream (every 2 seconds) of sendTransaction(...) requests to Patrick's IP address on port 8545, and each request was forwarded to the geth instance. geth signs an eth_sendTransaction for an account whenever that account happens to be unlocked; there is no other authentication on the RPC port. When Patrick used the Ethereum Wallet to send a transaction, the Ethereum Wallet unlocked Patrick's account for 2 seconds, one of the hacker's queued requests landed inside that window, and the hacker's transaction succeeded in moving Patrick's ethers to the hacker's account.
For more details see the original Stackexchange post
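As an added example (not code from the original post, from the Stackexchange answer, or from geth), the following Python reconstructs the mechanics described above: the JSON-RPC eth_sendTransaction body that arrives on port 8545, and why a request every 2 seconds is guaranteed to overlap a 2 second unlock window. The addresses, amounts and timings are constructed for illustration, and the block makes no network calls.

```python
import json

# Constructed addresses for illustration only; not the real victim or attacker.
VICTIM = "0x" + "11" * 20
ATTACKER = "0x" + "22" * 20
WEI_PER_ETHER = 10 ** 18


def eth_send_transaction_request(sender, recipient, value_wei, request_id=1):
    """Build the JSON-RPC 2.0 body of an eth_sendTransaction call.

    This is the shape of request that reached geth on port 8545. 'from' names
    the victim's own account: geth signs with the node's key for that account
    if, and only if, the account is unlocked when the request arrives. There
    is no other authentication on the RPC endpoint. Quantities are hex
    strings, as the Ethereum JSON-RPC convention requires.
    """
    return json.dumps({
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "eth_sendTransaction",
        "params": [{"from": sender, "to": recipient, "value": hex(value_wei)}],
    })


def attack_timeline(unlock_at, unlock_window, poll_interval, horizon):
    """Simulate the race without a network: the attacker sends a request at
    t = 0, poll_interval, 2*poll_interval, ... up to `horizon` seconds; the
    wallet unlocks the account for [unlock_at, unlock_at + unlock_window).
    Returns the request times that fall inside the window, i.e. the
    requests geth would actually sign and broadcast."""
    hits = []
    t = 0.0
    while t <= horizon:
        if unlock_at <= t < unlock_at + unlock_window:
            hits.append(t)
        t += poll_interval
    return hits


def unlock_window_is_exposed(unlock_window, poll_interval):
    """True when some request is guaranteed to land in the window no matter
    when the unlock happens: requests are poll_interval apart, so any window
    at least that long contains one. With a 2 s wallet unlock and 2 s polling
    this always holds, which is why the attacker only had to wait for Patrick
    to send a transaction."""
    return unlock_window > 0 and poll_interval <= unlock_window


if __name__ == "__main__":
    print(eth_send_transaction_request(VICTIM, ATTACKER, 7218 * WEI_PER_ETHER))
    # Wallet unlocks 7.3 s in; attacker polls every 2 s, so the 8 s request lands.
    print(attack_timeline(7.3, 2.0, 2.0, 20))
    print(unlock_window_is_exposed(2.0, 2.0))
```

Polling more slowly than the unlock window (say every 3 seconds) only makes the attack probabilistic, not safe: the same timeline function shows some unlock times are missed and others are hit.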
This advice covers only a subset of possible attack vectors. For more, see the original Stackexchange post.
1. Never turn on RPC on hot wallets. Even with IP and CORS limited to localhost. Just don't. Any process that can reach the port can submit eth_sendTransaction against an account the moment it is unlocked.

```
geth    # rpc is disabled by default
eth     # rpc is disabled by default
parity  # rpc is disabled by default
```
2. Never turn on IPC on a machine whose security you don't feel you have complete control over. Or use parity.

```
geth --ipcdisable   # ipc is enabled by default, turn it off
eth --no-ipc        # ipc is enabled by default, turn it off
parity              # parity has no ipc (yet)
```
3. Don't use accounts to store huge amounts of ether. Use multisignature contracts.
4. Don't use online computers to store huge amounts of ether. Use air-gapped machines or paper wallets.
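Added example (not from this page, the Stackexchange post, or any client's own code): a small Python audit of a geth command line against points 1 and 2 above. It understands the geth flags of the era the page refers to (--rpc, --rpcaddr, --rpcport, --rpccorsdomain, --unlock, --ipcdisable); newer geth releases renamed --rpc to --http, so adapt the flag names for those. The command lines in the usage block are constructed.

```python
import shlex

# geth (2016-era) flags that take no value; any other '--flag' is assumed to
# take the next token, or an '=value', as its argument.
GETH_BOOLEAN_FLAGS = {"--rpc", "--ipcdisable", "--mine", "--testnet", "--fast", "--nodiscover"}
LOCAL_ADDRS = {"127.0.0.1", "localhost"}  # geth's --rpcaddr default is localhost


def parse_geth_args(args):
    """Turn geth's argv (without the program name) into a dict.
    Handles '--flag', '--flag value' and '--flag=value'; positional words
    such as 'console' are ignored."""
    opts = {}
    i = 0
    while i < len(args):
        arg = args[i]
        if not arg.startswith("--"):
            i += 1
            continue
        if "=" in arg:
            key, value = arg.split("=", 1)
            opts[key] = value
        elif arg in GETH_BOOLEAN_FLAGS or i + 1 >= len(args) or args[i + 1].startswith("--"):
            opts[arg] = True
        else:
            opts[arg] = args[i + 1]
            i += 1
        i += 1
    return opts


def audit_geth_cmdline(cmdline):
    """Return findings for a geth command line, applying points 1 and 2.
    An empty list means the command line recreates neither precondition of
    the attack (RPC on, IPC on)."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "geth":
        raise ValueError("expected a geth command line, got: %r" % cmdline)
    opts = parse_geth_args(argv[1:])
    findings = []
    if "--rpc" in opts:
        findings.append("RPC enabled (--rpc): never on a hot wallet, not even localhost-only")
        addr = opts.get("--rpcaddr", "localhost")
        if addr not in LOCAL_ADDRS:
            findings.append("RPC bound to %s: port %s is reachable from other hosts"
                            % (addr, opts.get("--rpcport", "8545")))
        if opts.get("--rpccorsdomain") == "*":
            findings.append("--rpccorsdomain '*': any web page open in a local browser may call the RPC")
        if "--unlock" in opts:
            # --unlock keeps the account unlocked for the life of the process,
            # so the attacker does not even need to race a 2 second window.
            findings.append("--unlock together with --rpc: the unlocked account is spendable by "
                            "anyone who can reach the RPC, no 2 second window needed")
    if "--ipcdisable" not in opts:
        findings.append("IPC enabled (geth default): add --ipcdisable unless you fully control this machine")
    return findings


if __name__ == "__main__":
    # Constructed command lines, not taken from the page.
    for cmd in ("geth --ipcdisable",
                "geth --rpc --rpcaddr 0.0.0.0 --rpccorsdomain '*' --unlock 0 --password pw.txt"):
        print(cmd)
        for finding in audit_geth_cmdline(cmd) or ["OK"]:
            print("  -", finding)
```

Run it against the command line of every node you operate that holds or mines to a funded account; the second constructed example above is the configuration the page warns about (RPC on, reachable from outside, account pre-unlocked).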