Security researchers warned a few months ago about cyber criminals who managed to steal more than 19 million dollars by taking control of vulnerable Ethereum nodes. Qihoo 360 posted a tweet in March about a criminal who was scanning port 8545, looking for vulnerable clients. At the time the tweet was published, he had managed to steal nearly 4 Ethereum.
However, last week the same researchers discovered a different group of criminals who managed to steal 38,642 Ethereum, totaling approximately 19.3 million dollars. The cryptocurrency came from Ethereum nodes that had JSON-RPC enabled (port 8545), a protocol that allows remote control of the node and gives access to functions such as sending Ethereum to another address.
A simple Google search for the hacker's address, where the funds from all the compromised nodes ended up, turns up hundreds of blog posts and forum reports from users who were unfortunate enough to fall victim.
According to a post published on the official Ethereum blog three years ago, a device with internet access that has JSON-RPC enabled and no firewall is vulnerable to such attacks. Anyone who knows the address of the wallet together with its IP can take control of the system.
Qihoo 360 Netlab warns that many parties are constantly scanning for vulnerable systems, and urges users to block remote connections to their systems and allow only local ones. If a remote connection is necessary, applying user authorization is recommended.