Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 4. (Read 14334 times)
at the end all BTC will be lost and hacked until forgotten.... that is why there is no future in current system...
... Then there was an error message pop up, he closed it and refreshed the wallet page...
That probably was probably a key moment.
Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely).
One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.
IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage
It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP
I didn't give them any ID, just an email address.
By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR
I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?
Fucking blockchain...
Unfortunately OP, this is a common occurance. Malicious Tor exit nodes are redirecting requests to known bitcoin wallets and exchanges to their own malicious version and stealing coins. Even in SSL connections. Always verify the SSL certificate fingerprint and make sure it is correct when you are doing Bitcoin related things on Tor.
Even with SSL, Poodle has been shown to be able to perform a MITM attack against users. Checking the SSL certificate would not necessarily have stopped this attack probably a man-in-the-middle attack performed by a TOR exit node.
just a reminder that in general it is not a good idea to use TOR to access
clearnet (that is, "normal" web addresses, as opposed to TOR hidden services).
What TOR makes secure in this case is the connection to the so-called TOR exit
node, which connects for you to your destination address, and sends you
the data back over the TOR network, thus acting as a proxy. However, you are effectively trusting
the exit node not to fiddle with the data it forwards. Since the exit node can be
anybody (you can set up one, too), there is really no reason to trust it.
In particular, they can redirct your blockchain.info request to a fake site,
or strip your communication of its SSL and read all of it.
If you still want to use TOR to access clear net, and want to make this secure,
you have to download and install SSL certificates of every site you are going to use, in this
case of blockchain.info .
just a reminder that in general it is not a good idea to use TOR to access
clearnet (that is, "normal" web addresses, as opposed to TOR hidden services).
What TOR makes secure in this case is the connection to the so-called TOR exit
node, which connects for you to your destination address, and sends you
the data back over the TOR network, thus acting as a proxy. However, you are effectively trusting
the exit node not to fiddle with the data it forwards. Since the exit node can be
anybody (you can set up one, too), there is really no reason to trust it.
In particular, they can redirct your blockchain.info request to a fake site,
or strip your communication of its SSL and read all of it.
If you still want to use TOR to access clear net, and want to make this secure,
you have to download and install SSL certificates of every site you are going to use, in this
case of blockchain.info .
HTTPS everywhere is suppose to resolve this issue, no?
can't believe that owner of 775 btc who is too lazy to protect his/her btc ....should more careful it's too shocking news he lost almost 236740$ it can change one's whole life....
other guys lost much more and they studied "computer science"
actualy we dont know anything about this case. i doubt it was because if Tor. i think it was his shitty computer (maleware etc).
You summed it up perfectly.
Unfortunately OP, this is a common occurance. Malicious Tor exit nodes are redirecting requests to known bitcoin wallets and exchanges to their own malicious version and stealing coins. Even in SSL connections. Always verify the SSL certificate fingerprint and make sure it is correct when you are doing Bitcoin related things on Tor.
Why not use cold wallet?
Bitcoin biggest enemy is not the government? Is hacker?
... Then there was an error message pop up, he closed it and refreshed the wallet page...
That probably was probably a key moment.
Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely).
One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.
IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage
It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP
Is it really? Thought of the lost coins won't be found forever, I feel a little sad.
With the recently announced POODLE flaw, I think that is probably it. Particularly when you see "certificate doesn't match" etc.
https://bitcointalksearch.org/topic/poodle-vulnerability-825058
It's caused by POODLE vulnerability in TSL/SSL, if you use TOR to access internet then someone might have stolen and read your traffic (read above thread by theymos)
... Then there was an error message pop up, he closed it and refreshed the wallet page...
That probably was probably a key moment.
Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely).
One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.
IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage
It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people
... Then there was an error message pop up, he closed it and refreshed the wallet page...
That probably was probably a key moment.
Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely).
One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.
IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage
Spend the money and use a good VPN service.
Don't trust Tor with finances. Tor is fine for anonymity but not security.
Sorry for your loss.
Don't trust Tor with finances. Tor is fine for anonymity but not security.
Sorry for your loss.
I lost 2 BTC in a similar way, using coinbase+tor
I got a "this connection is untrusted" message and when I refreshed the window the BTC were gone...
Since then I use Armory. But the funny thing is that for small amounts I changed to blockhain + tor...
I got a "this connection is untrusted" message and when I refreshed the window the BTC were gone...
Since then I use Armory. But the funny thing is that for small amounts I changed to blockhain + tor...
I have lost too, but not that amount.
I hope you find it soon.
I hope you find it soon.
I.. I..
I only have 4-5 BTC and I am so protective I have them all in many different locations encrypted with different passes...
I only have 4-5 BTC and I am so protective I have them all in many different locations encrypted with different passes...
The real question is why would someone keep ~$250k worth of BTC on a web based wallet?
Did Gox teach us nothing?
With Bitcoin you are the bank.
It's a beautiful and dangerous thing.
IMO, if you do not control and protect your private keys you are setting yourself up for disaster.
Did Gox teach us nothing?
With Bitcoin you are the bank.
It's a beautiful and dangerous thing.
IMO, if you do not control and protect your private keys you are setting yourself up for disaster.
Jump to: