Hi all,

just wanted to warn those of you who like us are exposing your own blockchain / testnet via RPC, you need to take extra measures to protect against bot attacks there.

In our case someone (likely an automated script) has been able to access our Ethereum based development testnet via an open RPC port and transfer virtual Ether from a coinbase account. Luckily it wasn't a real currency and just a development testnet. However this shows are there are automated scripts / bots out there scanning for these kind of vulnerabilities.

Quick solution is to change port number from a default 8545 to some other arbitrary value.
Proper solution would be use Linux firewall and/or IP whitelisting.

More details in our blog post here:
https://www.dappros.com/201908/report-attack-on-dappros-platform-testnet/