TechFlow news — StarkWare ecosystem lead @dimahledba posted on X, highlighting serious security vulnerabilities in the Fractal Bitcoin node.
He warned users running the Fractal Bitcoin node with the official Docker image to exercise caution, as RPC credentials are hardcoded and cannot be configured via environment variables. Additionally, the RPC server is publicly exposed, making it susceptible to attacks.
He listed multiple security issues, including RPC connections allowed from any IP address, security risks associated with ZeroMQ connections, and unlimited connection limits.
He also criticized the management of Fractal's GitHub organization, noting that official repositories are difficult to locate, which could lead to potential scam risks. He emphasized that these issues expose node operators to dangerous attacks and described such practices as "unserious."




