What bad things could happen if Bitcoind RPC is public?

1

It is always suggested to enforce authentication on Bitcoind RPC. However, in case the RPC authentication gets compromised (or if it is public), what kind of bad things could happen?

First, I could think of money loss.

First, wallets are exposed and all the private keys will get exposed, which essentially means all your Bitcoins can get stolen.

Second, with the setTxFee function, any transaction created using the node will either have an insufficient fee or just too much fee.

Apart from money loss, are there any other things that may potentially happen?

For example, if I just run the node as a block tracker and monitor whether any money is sent into my address, does RPC have the ability to affect them as well?

Calvin Lau

Posted 2018-03-02T04:27:31.597

Reputation: 143

Answers

1

Recently Electrum had that bug. First of all, if your wallet is not encrypted you will lose your funds, and that is the most dangerous thing that might happen.

If safe mode is enabled (disablesafemode=1), you will avoid any dangerous RPC calls.

Safe mode is a feature that disables a subset of RPC calls - mostly related to the wallet and sending.

If you want to make your server public, enable safe mode and disable wallet access.

Adam

Posted 2018-03-02T04:27:31.597

Reputation: 3 215
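A way to check a node's configuration for the exposure discussed in this thread, as an added example that is not part of the original question or answer: a small audit of `bitcoin.conf` text that flags RPC access allowed from beyond loopback, wallet RPCs left enabled on such a node, and a plaintext `rpcpassword`. The option names (`rpcallowip`, `rpcbind`, `rpcuser`, `rpcpassword`, `rpcauth`, `disablewallet`) are bitcoind's own; the finding codes and both sample configs are made up for illustration.

```python
import ipaddress
LOOPBACK = {4: ipaddress.ip_network("127.0.0.0/8"), 6: ipaddress.ip_network("::1/128")}

def parse_conf(text):
    """Parse bitcoin.conf text into {option: [values]}; options may repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if "=" not in line or line.startswith("["):  # blank line or [section] header
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts.setdefault(key, []).append(value)
    return opts

def allowed_net(spec):
    """Parse an rpcallowip value (IP, IP/CIDR or IP/netmask); None if unparseable."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None

def audit(text):
    """Return sorted finding codes (names made up for this example)."""
    opts, findings = parse_conf(text), set()
    nets = [allowed_net(v) for v in opts.get("rpcallowip", [])]
    # Anything unparseable or outside loopback counts as remote exposure.
    exposed = [n for n in nets if n is None or not n.subnet_of(LOOPBACK[n.version])]
    if exposed:
        findings.add("RPC_ALLOWED_FROM_NON_LOOPBACK")
        if any(n is not None and n.prefixlen == 0 for n in exposed):
            findings.add("RPC_ALLOWED_FROM_ANYWHERE")
        # Flag unless every disablewallet line says 1 (a missing option counts as 0).
        if any(v != "1" for v in opts.get("disablewallet", ["0"])):
            findings.add("WALLET_RPC_REACHABLE_REMOTELY")
    if "rpcpassword" in opts:
        findings.add("PLAINTEXT_RPC_PASSWORD")       # rpcauth stores a salted hash instead
    return sorted(findings)

# Constructed sample configs, not taken from any real node.
EXPOSED_CONF = """
rpcuser=alice
rpcpassword=hunter2   # constructed value
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
"""
HARDENED_CONF = """
disablewallet=1       # monitoring-only node, no keys to expose
rpcallowip=127.0.0.1
"""
print(audit(EXPOSED_CONF), audit(HARDENED_CONF))
```

The hardened sample sets no `rpcpassword`, in which case bitcoind falls back to cookie-file authentication for local clients.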