Author

Topic: Funds stolen from blockchain.info (Read 3554 times)

legendary
Activity: 2940
Merit: 1333
November 06, 2014, 02:45:22 PM
#25
blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldnt be confined to tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic to put it mildly.

That's not true. In order to use the POODLE exploit you need to be able to modify the stream, not just read it.

The problem is only with webservers which allow SSL3. Everyone should disable SSL3 to prevent the attack.

blockchain.info uses cloudflare, which seems to mean they don't use SSL3 - which leaves me wonder how this attack is being successful.
hero member
Activity: 518
Merit: 500
November 06, 2014, 03:40:06 AM
#24
blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldnt be confined to tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic to put it mildly.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
November 06, 2014, 02:48:21 AM
#23
Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.
Traffic coming out of tor exit nodes are unencrypted. Rogue exit nodes can potential capture unencrypted information transmitted using HTTP instead of HTTPS. Alternatively, vulnerbilities in HTTPS can allow those exit nodes to see encrypted information and capture your passwords.
legendary
Activity: 1176
Merit: 1005
Decentralized Asset Management Platform
November 06, 2014, 02:37:55 AM
#22
people who using TOR to access blockchain faced this problem
it was an issue with exit node on tor network
hero member
Activity: 672
Merit: 500
November 05, 2014, 02:11:02 PM
#21
Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.
sr. member
Activity: 297
Merit: 250
November 05, 2014, 01:32:26 PM
#20
So how is TOR safe if someone can do this?


Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

It's exit nodes that are the problem.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
November 04, 2014, 07:09:28 AM
#19
So how is TOR safe if someone can do this?


Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.
hero member
Activity: 519
Merit: 500
November 04, 2014, 07:05:55 AM
#18
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?

Looks like whoever it is has been pretty active: https://blockchain.info/address/1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

WOW  Shocked
newbie
Activity: 5
Merit: 0
November 04, 2014, 01:20:56 AM
#17
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?

Looks like whoever it is has been pretty active: https://blockchain.info/address/1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7
hero member
Activity: 597
Merit: 500
November 04, 2014, 12:58:33 AM
#16
So how is TOR safe if someone can do this?


This is using the POODLE exploit, it's genius. Only way to stop it is to disable SSL 3.0 on both ends. So using TOR only makes the MITM part easier, it's not that TOR is the only way to accomplish this.
sr. member
Activity: 249
Merit: 250
November 02, 2014, 07:03:49 PM
#15
So how is TOR safe if someone can do this?

newbie
Activity: 39
Merit: 0
November 02, 2014, 01:39:42 PM
#14
Yes Tor & any online wallet don't mix & you should expect to lose everything. Never access with Tor you will regret it. It's the same with emails and other things too.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
November 02, 2014, 06:01:14 AM
#13
I also know someboy who have had the same experience. If the exit node is running by a criminal you may loose all your coins.

far more likely than a man in the middle attack.
full member
Activity: 224
Merit: 100
November 02, 2014, 05:57:08 AM
#12
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?
how is this possible, i see a lot of posts about losing bitcoins while using Tor but all of them have one thing in common: they don't have 2FA.
are you sure you didn't mess up like using wrong recipient address

It has to do something with javascript and tor running along. There are a lot of security issues doing it, and there have been several cases of this happening.
newbie
Activity: 13
Merit: 0
November 02, 2014, 05:54:14 AM
#11
I also know someboy who have had the same experience. If the exit node is running by a criminal you may loose all your coins.
legendary
Activity: 3472
Merit: 10611
November 02, 2014, 05:18:57 AM
#10
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?
how is this possible, i see a lot of posts about losing bitcoins while using Tor but all of them have one thing in common: they don't have 2FA.
are you sure you didn't mess up like using wrong recipient address
hero member
Activity: 662
Merit: 500
November 02, 2014, 02:59:27 AM
#9
i know it's not a huge amount, but do I have any recourse?

Bitcoin transcation is irreversible and I am afraid you won't be able to get your bitcoin back.
member
Activity: 70
Merit: 10
★777Coin.com★ Fun BTC Casino!
November 02, 2014, 01:46:28 AM
#8
1.8 BTC isn't a huge amount?...Damn I wish I had that much. It's hard to get it back...particularly due to the nature of cryptocurrency
newbie
Activity: 9
Merit: 0
November 02, 2014, 01:13:38 AM
#7
i know it's not a huge amount, but do I have any recourse?
sr. member
Activity: 322
Merit: 252
Here I Am !!
November 01, 2014, 06:04:33 PM
#6
Do not use TOR to access your wallet / blockchain.info, I believe you were the victim of man-in-the-middle attack, there is known POODLE vulnerability in TSL/SSL that's being exploited in TOR network

similar thread :
https://bitcointalksearch.org/topic/there-is-an-epic-blockchaininfo-theft-method-out-there-828238
hero member
Activity: 672
Merit: 500
November 01, 2014, 01:19:26 PM
#4
You should search the forum about blockchain.info wallets and tor. You are not the only one with funds stolen. Tor and web wallets don't mix.
newbie
Activity: 9
Merit: 0
November 01, 2014, 01:18:06 PM
#3
i think it has something to do with malicious Tor exit nodes.

so whatever you do, don't use Tor with web wallets  Angry
legendary
Activity: 1722
Merit: 1014
November 01, 2014, 12:54:13 PM
#2
How is it possible buddy ? How can anyone stole bitcoins from ur blockchain wallet without knowing ur identifier and password . I am totally confused about this issue. If this is really happening, then i have to stop using blockchain and have to transfer my all funds to a secure btc wallet.
newbie
Activity: 9
Merit: 0
November 01, 2014, 12:14:05 PM
#1
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?
Jump to: