Hackers are scanning computers worldwide for open Bitcoin and Ethereum wallets...


Security researcher Didier Stevens setup a trap, or in digital security terms - a "honeypot".  Think of it as digital sting operation, where someone puts a server online open to attack - but nothing of value is really there, it's only there to record the attacks as they happen.

The logs of these honeypots revealed hackers running scrips aimed at detecting files that contain cryptocurrency wallets.

The filenames included:

wallet - Copy.dat
wallet.dat
wallet.dat.1
wallet.dat.zip
wallet.tar
wallet.tar.gz
wallet.zip
wallet_backup.dat
wallet_backup.dat.1
wallet_backup.dat.zip
wallet_backup.zip

Didier said he's seen activity like this since 2013 - but never at such high volume.

The same is now happening to Ethereum since it's taken a strong hold as the #2 cryptocurrency. Threat hunter Dimitrios Slamaris set up a honeypot and faked having some Ethereum in his wallet.

The hacker checked what software he was running, how much ethereum he had in the wallet, then issued a eth_sendTransaction command in an attempt to steal gas from the previously received account.

It appears the hacker has had some small success too, "The destination account has almost 8 Ethers..." Dimitrios tweeted on Nov 8th.

Since then, there's been a few more transactions coming in, as well as a transfer going out to the ShapeShift exchange.
A look at the wallet activity of the hacker.

The lessons to take from this are: Your wallet shouldn't be named "wallet", and even better, your wallet shouldn't be on a computer that's online, or at the least, behind a strong firewall.
-------
Author: Ross Davis
San Francisco News Desk