12 BTC stolen 1 hour Ago.Session Hijacked?How is that possible?

juggernut

newbie

Activity: 36

Merit: 0

Quote from: arieq on October 15, 2014, 07:11:37 PM

Do not use TOR, there's a vulnerability in TSL/SSL that could have allowed someone to read your encrypted traffic, read this explanation thread by theymos (forum admin)

https://bitcointalksearch.org/topic/poodle-vulnerability-825058

I already read bad reviews about TOR that is why I will not use it ever.

arieq

sr. member

Activity: 364

Merit: 256

Do not use TOR, there's a vulnerability in TSL/SSL that could have allowed someone to read your encrypted traffic, read this explanation thread by theymos (forum admin)

https://bitcointalksearch.org/topic/poodle-vulnerability-825058

bestincome

newbie

Activity: 22

Merit: 0

never use online wallet, you can use multibit client , so your coin is safe as long your computer / laptop not been compromised.
I safe my key / also wallet.info in encrypted hardisk , no one can open it unless they know the password and key to open it.

you may try : multibit.org for your bitcoin wallet, and truecrypt.org to encrypted your hardisk.

vm1990

legendary

Activity: 1540

Merit: 1002

Quote from: btcxyzzz on October 15, 2014, 12:07:35 PM

Using Windows? Dump that shit and install an operating system. You know which.

linux has major issues to not just windows look at the bash exploit for example. its all about the user keeping everything safe and secure not about the O.S

btcxyzzz

legendary

Activity: 888

Merit: 1000

Monero - secure, private and untraceable currency.

Using Windows? Dump that shit and install an operating system. You know which.

vm1990

legendary

Activity: 1540

Merit: 1002

Quote from: dothebeats on October 15, 2014, 09:40:25 AM

Quote from: shorena on October 15, 2014, 05:01:55 AM

Quote from: hodap on October 14, 2014, 11:32:28 PM

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

Yes [1] and Tor is aware of it [2].

tl;dr:

Quote

Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

[1] dont worry its in english even though its a german domain http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
[2] https://blog.torproject.org/blog/being-targeted-nsa

Edit: that FBI operation "torpedo" link I didnt find earlier: www.wired.com/2014/08/operation_torpedo/

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

Sorry i don't understand much about the Tor's concept. Thanks for the information about the mismatch of Tor and the blockchain. Never knew that using the Tor network may steal my coins.

tor works in a few diffrent was the 2 main ways are

1. Tor hosts and allows access to the Dark-net (.onion)
2. Tor allows people to use it as a VPN to anonymize normal internet usage

both are to protect the user more than anything
the downside with 2 is while the user is protected from people seeing where there coming from the exit nodes know where there going and if you get a bad exit node then that exit node can know what website your going to and your log in details.

it like walking around with a mask on and withdrawing £1000 from a cash machine people dont know who you are but anyone watching can easily take the £1000 off you

JLynn171

sr. member

Activity: 406

Merit: 250

I think its now legal for the FBI to add malicious programs to TOR browsers.... maybe the FBI is back on a stealing spree :;-P

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: dserrano5 on October 15, 2014, 10:07:02 AM

Quote from: dothebeats on October 15, 2014, 09:40:25 AM

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

There's a difference between using tor to access the regular internet and using tor to access hidden services. Those are more difficult to wiretap.

This and I didnt claim that the users are aware of it. Just because someone from the project is aware about the situation does not mean every user is aware.

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: dothebeats on October 15, 2014, 09:40:25 AM

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

There's a difference between using tor to access the regular internet and using tor to access hidden services. Those are more difficult to wiretap.

yakuza699

hero member

Activity: 935

Merit: 1002

This thread probably explained how my coins were stolen from blockchain.info as I didn't installed anything on my previous PC but was using TOR. Sorry for you loss I had my coins stolen too but they stole only 0.3 from me I hope you will re-earn them fast.

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

Quote from: shorena on October 15, 2014, 05:01:55 AM

Quote from: hodap on October 14, 2014, 11:32:28 PM

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

Yes [1] and Tor is aware of it [2].

tl;dr:

Quote

Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

[1] dont worry its in english even though its a german domain http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
[2] https://blog.torproject.org/blog/being-targeted-nsa

Edit: that FBI operation "torpedo" link I didnt find earlier: www.wired.com/2014/08/operation_torpedo/

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

Sorry i don't understand much about the Tor's concept. Thanks for the information about the mismatch of Tor and the blockchain. Never knew that using the Tor network may steal my coins.

zetaray

hero member

Activity: 658

Merit: 500

Tor is designed for anonymous browsing, not anonymous banking. You are asking for trouble if you use tor to manage your finances.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: hodap on October 14, 2014, 11:32:28 PM

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

Yes [1] and Tor is aware of it [2].

tl;dr:

Quote

Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

[1] dont worry its in english even though its a german domain http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
[2] https://blog.torproject.org/blog/being-targeted-nsa

Edit: that FBI operation "torpedo" link I didnt find earlier: www.wired.com/2014/08/operation_torpedo/

dserrano5

legendary

Activity: 1974

Merit: 1029

Quote from: miohtama on October 14, 2014, 06:30:17 PM

There are malicious Tor exit nodes targeting Bitcoin services. They will do man-in-the-middle HTTPS attack against your Bitcoin website. This is only successful if you accept the invalid security certificates of the website.

Hopefully the exit nodes doing this would eventually be awarded the BadExit flag so they are no longer chosen as exits. Unfortunately this isn't automatic (yet?) so we'll have to live with this problem.

KIRAZ

sr. member

Activity: 392

Merit: 250

Why was you using Tor with blockchain i don't even check my email accounts over tor.
I'm sure that your session got hijacked because of those tor proxies.

el kaka22

legendary

Activity: 3654

Merit: 1165

www.Crypto.Games: Multiple coins, multiple games

Quote from: H.W.Z on October 14, 2014, 11:31:30 PM

Quote from: el kaka22 on October 14, 2014, 11:12:39 PM

Quote from: Meuh6879 on October 14, 2014, 07:05:05 PM

Quote

i logged into my wallet a few hours later

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that

go here https://bitcoin.org/en
The official Bitcon website! You can learn a lot of basic knowledge from there and download the wallet.

ok ,, will check it
thank yaa

niothor

hero member

Activity: 826

Merit: 501

in defi we trust

When you connect to tor you connect to hundreds or thousands of different computers....Hence why your coins were snatched up so quickly.
Tor and any place that requires authentication is a bad idea.

Pente

hero member

Activity: 528

Merit: 527

I wish to thank all the people who have taught me that TOR and online wallets don't mix.

As for 2FA, I did that on my own.

hodap

full member

Activity: 306

Merit: 102

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

H.W.Z

hero member

Activity: 574

Merit: 500

Quote from: el kaka22 on October 14, 2014, 11:12:39 PM

Quote from: Meuh6879 on October 14, 2014, 07:05:05 PM

Quote

i logged into my wallet a few hours later

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that

go here https://bitcoin.org/en
The official Bitcon website! You can learn a lot of basic knowledge from there and download the wallet.

el kaka22

legendary

Activity: 3654

Merit: 1165

www.Crypto.Games: Multiple coins, multiple games

Quote from: Meuh6879 on October 14, 2014, 07:05:05 PM

Quote

i logged into my wallet a few hours later

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that

kokojie

legendary

Activity: 1806

Merit: 1003

Your TOR session was attacked by malicious exit nodes using "Man in the middle" attack. Always make sure you are using HTTPS with valid certificate, or just don't use TOR for something financial related, use a private VPN/SSH tunnel for this.

Meuh6879

legendary

Activity: 1512

Merit: 1012

Quote

i logged into my wallet a few hours later

Don't use fucking online wallet !

miohtama

newbie

Activity: 26

Merit: 0

Quote from: meowmeo9 on October 14, 2014, 06:14:10 PM

How is that possible?
I use Tor over block chain and as i logged into my wallet a few hours later all my BTC's were hijacked.
I use for only to be secure and never thought it might be a problem.
Is there an explanation for this ? I never downloaded anything! so its impossible its a virus.
Any one has any ideas how it can happen ?
I seen it happened to a few people already.

There are malicious Tor exit nodes targeting Bitcoin services. They will do man-in-the-middle HTTPS attack against your Bitcoin website. This is only successful if you accept the invalid security certificates of the website. The web browser gives a big red warning "DON'T GO TO THIS SITE THE CERTIFICATE DOESN'T MATCH". If the user clicks yes and then the secure connection is compromised and the Tor exit node can steal your Bitcoins.

You can read more about the attacks against the Tor users here.

Thus, Tor should not be recommended for the users who are not technically-sawy enough to avoid risks like this.

Other potential risks and compromises and how to protect yourself against them

MGGB

full member

Activity: 236

Merit: 100

I also just read somewhere that Tor and Non-Darkweb sites like block-Chain don't work well together, because of security issues, and it did explain why, I can't remember, I will see if I can find the post.

Also sorry for your loss, that's a bummer Sad

virtualx

hero member

Activity: 672

Merit: 508

LOTEO

I saw another thread about it. Perhaps it's related with tor or an exploit targeting tor.
Which OS are you on?

MegaHustlr

hero member

Activity: 601

Merit: 500

Vote 4fryn :)

Biggest question:
Did you have 2FA?

meowmeo9

newbie

Activity: 1

Merit: 0

How is that possible?
I use Tor over block chain and as i logged into my wallet a few hours later all my BTC's were hijacked.
I use for only to be secure and never thought it might be a problem.
Is there an explanation for this ? I never downloaded anything! so its impossible its a virus.
Any one has any ideas how it can happen ?
I seen it happened to a few people already.

Topic: 12 BTC stolen 1 hour Ago.Session Hijacked?How is that possible? (Read 2855 times)