Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 3. (Read 14349 times)

teukon
legendary
Activity: 1246
Merit: 1011
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 19, 2014, 04:27:12 AM
#98
Quote from: BTCmoons on October 18, 2014, 10:03:21 PM
Quote from: teukon on October 18, 2014, 04:45:41 PM
To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.
I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.

Yes, this is true.  Sorry, allow me to clarify.

Thin-clients via Tor should be fine for protecting payment privacy.  You would also need to run a verifying node of some description, not on Tor, to check the state of your addresses and be sure that attacks such as the one you described are ineffective.  I'm sure we'll see this setup more if Bitcoin's bandwidth requirement rises.
DonDev
full member
Activity: 150
Merit: 100
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 10:14:10 PM
#97
633 btc is a lot. But why were you using TOR?
ruletheworld
legendary
Activity: 1386
Merit: 1045
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 10:08:08 PM
#96
Quote from: BTCmoons on October 18, 2014, 10:03:21 PM
Quote from: teukon on October 18, 2014, 04:45:41 PM
Quote from: pitiflin on October 18, 2014, 02:01:48 PM
Quote from: teukon on October 18, 2014, 01:44:48 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?
I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.
This. You don't have any control over the exit nodes that ultimately 'fetches' you the website.
BTCmoons
full member
Activity: 173
Merit: 100
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 10:03:21 PM
#95
Quote from: teukon on October 18, 2014, 04:45:41 PM
Quote from: pitiflin on October 18, 2014, 02:01:48 PM
Quote from: teukon on October 18, 2014, 01:44:48 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?
I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.
teukon
legendary
Activity: 1246
Merit: 1011
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 04:45:41 PM
#94
Quote from: pitiflin on October 18, 2014, 02:01:48 PM
Quote from: teukon on October 18, 2014, 01:44:48 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?
mnmShadyBTC
full member
Activity: 151
Merit: 100
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 03:57:17 PM
#93
Quote from: pitiflin on October 18, 2014, 02:01:48 PM
Quote from: teukon on October 18, 2014, 01:44:48 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...
As long as your keys are held on your computer and your computer is not compromised using TOR with armory should be fine. The reason that the OP was able to have bitcoin stolen from him was because the exit node was able to fake the blockchain.info website and intercept the encrypted traffic between the OP and blockchian.info
Envrin
sr. member
Activity: 318
Merit: 251
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 02:59:53 PM
#92

Why was he ever storing that much in an online wallet like blockchain.info to begin with?  If you have that much money, at least throw a BTC or two to someone technical who can guide you through how to best store it.
pitiflin
hero member
Activity: 980
Merit: 507
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 02:01:48 PM
#91
Quote from: teukon on October 18, 2014, 01:44:48 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...
pitiflin
hero member
Activity: 980
Merit: 507
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 02:01:06 PM
#90
Quote from: Velkro on October 18, 2014, 12:57:29 PM
Quote from: robhimself on October 13, 2014, 05:21:03 AM
Sucks if true, these scams just make BTC less appealing to the casual internet user.
and this will not change soon... we need better software to handle BTC, always 2 factor authentication, everywhere, that hackers won't be able to defraud money without hacking cellphone too

I was using 2 factor authentication...
teukon
legendary
Activity: 1246
Merit: 1011
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 01:44:48 PM
#89
Quote from: FattyMcButterpants on October 18, 2014, 12:53:17 PM
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.
Velkro
legendary
Activity: 2296
Merit: 1014
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 12:57:29 PM
#88
Quote from: robhimself on October 13, 2014, 05:21:03 AM
Sucks if true, these scams just make BTC less appealing to the casual internet user.
and this will not change soon... we need better software to handle BTC, always 2 factor authentication, everywhere, that hackers won't be able to defraud money without hacking cellphone too
FattyMcButterpants
sr. member
Activity: 448
Merit: 250
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 12:53:17 PM
#87
Quote from: pitiflin on October 18, 2014, 12:26:21 PM
Quote from: FattyMcButterpants on October 18, 2014, 12:20:39 PM
Quote from: pitiflin on October 18, 2014, 07:55:26 AM
Quote from: scarsbergholden on October 18, 2014, 07:04:06 AM
Quote from: pitiflin on October 18, 2014, 06:53:46 AM
Quote from: scarsbergholden on October 15, 2014, 08:31:10 PM
Quote from: pitiflin on October 14, 2014, 06:25:39 PM
Quote from: FattyMcButterpants on October 14, 2014, 06:22:32 PM
Quote from: cr1776 on October 14, 2014, 08:53:36 AM
Quote from: odolvlobo on October 13, 2014, 02:58:00 PM
Quote from: hl5460 on October 13, 2014, 05:19:41 AM
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?
As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node


Thank you very much, and how can I use Armory with TOR?
You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.
pitiflin
hero member
Activity: 980
Merit: 507
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 12:26:21 PM
#86
Quote from: FattyMcButterpants on October 18, 2014, 12:20:39 PM
Quote from: pitiflin on October 18, 2014, 07:55:26 AM
Quote from: scarsbergholden on October 18, 2014, 07:04:06 AM
Quote from: pitiflin on October 18, 2014, 06:53:46 AM
Quote from: scarsbergholden on October 15, 2014, 08:31:10 PM
Quote from: pitiflin on October 14, 2014, 06:25:39 PM
Quote from: FattyMcButterpants on October 14, 2014, 06:22:32 PM
Quote from: cr1776 on October 14, 2014, 08:53:36 AM
Quote from: odolvlobo on October 13, 2014, 02:58:00 PM
Quote from: hl5460 on October 13, 2014, 05:19:41 AM
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?
As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node


Thank you very much, and how can I use Armory with TOR?
FattyMcButterpants
sr. member
Activity: 448
Merit: 250
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 12:20:39 PM
#85
Quote from: pitiflin on October 18, 2014, 07:55:26 AM
Quote from: scarsbergholden on October 18, 2014, 07:04:06 AM
Quote from: pitiflin on October 18, 2014, 06:53:46 AM
Quote from: scarsbergholden on October 15, 2014, 08:31:10 PM
Quote from: pitiflin on October 14, 2014, 06:25:39 PM
Quote from: FattyMcButterpants on October 14, 2014, 06:22:32 PM
Quote from: cr1776 on October 14, 2014, 08:53:36 AM
Quote from: odolvlobo on October 13, 2014, 02:58:00 PM
Quote from: hl5460 on October 13, 2014, 05:19:41 AM
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?
As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node
hasherr
newbie
Activity: 18
Merit: 0
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 12:08:53 PM
#84
Quote from: honesepotato on October 14, 2014, 06:28:53 AM
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is  ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service ,  so I didnt  care Certificate warning

(facepalm) . Its strange how someone can hoard such amount of btc and dont understand how serious ssl cert mismatch are.
Gumbork
hero member
Activity: 583
Merit: 500
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 09:40:44 AM
#83
633 btc is a lot!!! wish I had money for that much..
pitiflin
hero member
Activity: 980
Merit: 507
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 07:55:26 AM
#82
Quote from: scarsbergholden on October 18, 2014, 07:04:06 AM
Quote from: pitiflin on October 18, 2014, 06:53:46 AM
Quote from: scarsbergholden on October 15, 2014, 08:31:10 PM
Quote from: pitiflin on October 14, 2014, 06:25:39 PM
Quote from: FattyMcButterpants on October 14, 2014, 06:22:32 PM
Quote from: cr1776 on October 14, 2014, 08:53:36 AM
Quote from: odolvlobo on October 13, 2014, 02:58:00 PM
Quote from: hl5460 on October 13, 2014, 05:19:41 AM
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?
teukon
legendary
Activity: 1246
Merit: 1011
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 07:36:00 AM
#81
Quote from: omegaflare on October 16, 2014, 03:34:42 AM
HTTPS everywhere is suppose to resolve this issue, no?

Not necessarily.  A blockchain.info ruleset may not be available depending on the users setup.  For example, Tor Browser comes with HTTPS Everywhere by default but there's no blockchain.info entry at present (I do see good ol' blockexplorer.com Smiley).  As a result, if I download and launch the latest version of Tor Browser (currently v4.0), and enter "blockchain.info" or "blockchain.info/wallet" in the URL bar I'll be given a plain, unencrypted, HTTP connection.

HTTPS Everywhere is, more accurately, HTTPS at a wide selection of sites.  Their slogan:
Quote
Encrypt the Web! Automatically use HTTPS security on many sites.
scarsbergholden
hero member
Activity: 686
Merit: 500
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 07:04:06 AM
#80
Quote from: pitiflin on October 18, 2014, 06:53:46 AM
Quote from: scarsbergholden on October 15, 2014, 08:31:10 PM
Quote from: pitiflin on October 14, 2014, 06:25:39 PM
Quote from: FattyMcButterpants on October 14, 2014, 06:22:32 PM
Quote from: cr1776 on October 14, 2014, 08:53:36 AM
Quote from: odolvlobo on October 13, 2014, 02:58:00 PM
Quote from: hl5460 on October 13, 2014, 05:19:41 AM
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  
pitiflin
hero member
Activity: 980
Merit: 507
Re: Tor+Blockchain wallet hacked? 633 btc loss
October 18, 2014, 06:59:34 AM
#79
Quote from: crazyjack on October 18, 2014, 06:56:33 AM
at the end all BTC will be lost and hacked until forgotten.... that is why there is no future in current system...

It looks like it... security is key. I've lost 4 BTC in total in different attacks, and I'm no newbie. People can't expect the average user to use Armory offline wallets and shit like that. (Which I do anyway) Something must be found quickly.
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: