Pages:
Author

Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 5. (Read 14360 times)

legendary
Activity: 3346
Merit: 3130
October 14, 2014, 09:39:16 AM
#58
Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is  ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service ,  so I didnt  care Certificate warning  , and finally lead to the MITM , and I think the Hacker did not get my password,  the transfer  based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .



BTW    I'm not the only Victim ,  You can check the hacker address  : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f  click some TXID, You will see all transactions  Relayed by IP : Blockchain.info



Sorry for my english.

This is weird, i have some emperience in pen test, and im trying to find the way it happen.

Quote
I'm sure this is MITM attack.

Man in the middle attack is posible if the attack came from the LAN network:

192.168.1.x1 ----poison router ----> 192.168.1.254 -----Victim ----> 192.168.1.x2

But if you was using TOR a crazy idea came to my head, i dont know of is posible to make a MITM in the TOR network, but i think there is no way to make this. only if you are the FBI and you are making the "Operation Torpedo".
newbie
Activity: 21
Merit: 0
October 14, 2014, 09:21:56 AM
#57
This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. Im doing researchs to these attacks as we speak. Very frightning.
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSl certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not much people will notice.

you dont get it do you? lol at your research... look like you have to spend alot more time.


What exactly I dont understand? I know exactly how these attacks are performed unlike you.

Lol... Bitcointalk trolls are talking.
sr. member
Activity: 252
Merit: 251
Knowledge its everything
October 14, 2014, 09:16:11 AM
#56
Never think someone keep his/her bitcoin in online wallet  Sad
Because there was often case people lose bitcoin in online wallet

sorry to hear the loss, but why would anyone with so much in BTC not learn to secure their only wallet?

Last time, there war a people who lost about 300 bitcoin. Because he put on online wallet  Sad
hero member
Activity: 756
Merit: 500
October 14, 2014, 09:11:43 AM
#55
sorry to hear the loss, but why would anyone with so much in BTC not learn to secure their only wallet?
legendary
Activity: 4256
Merit: 1313
October 14, 2014, 08:53:36 AM
#54
... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
newbie
Activity: 34
Merit: 0
October 14, 2014, 08:12:54 AM
#53
I had personnaly the exact same problem for a transaction.

The event happened as followed, opened a Blockchain.info wallet through Tor Browser, initiated a Sharedcoin transfer that stayed pending with the window bugged, when i relogged to the wallet it was empty with a transaction going out to the address mentioned in the OP.

I have a report from another user that lost about 50 BTC with just logging into the wallet through TOR, the transfers are going to the exact same address mentioned...

My computer is secure and it is not a local hack or something related to the browser at all, the common factor in all the people that have these problems is TOR.

I'm not enough skilled in hacking to explain how it is possible to highjack the https connection through a TOR Node or to make these transfers happening, but it is possible for sure i can confirm you that personnaly and i paid a lot for that...

It seems it is only related to Blockchain.info + TOR so perhaps there are some reasons for these problems...
sr. member
Activity: 364
Merit: 250
October 14, 2014, 07:29:12 AM
#52
This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. Im doing researchs to these attacks as we speak. Very frightning.
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSl certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not much people will notice.

you dont get it do you? lol at your research... look like you have to spend alot more time.


What exactly I dont understand? I know exactly how these attacks are performed unlike you.
newbie
Activity: 56
Merit: 0
October 14, 2014, 07:21:52 AM
#51
Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is  ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service ,  so I didnt  care Certificate warning  , and finally lead to the MITM , and I think the Hacker did not get my password,  the transfer  based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .



BTW    I'm not the only Victim ,  You can check the hacker address  : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f  click some TXID, You will see all transactions  Relayed by IP : Blockchain.info



Sorry for my english.



And the plot thickens.

Some things do not add up. Those with more knowledge may be able to put the pieces together here. He seems way too comfortable with the explanation of how he thinks it happened.

This almost feels like a social experiment.

Either way, it sucks to live in an environment where paranoia reigns supreme. I'm looking at you China.
newbie
Activity: 4
Merit: 0
October 14, 2014, 07:00:20 AM
#50
Its a big loss. It is better to avoid using tor for using our accounts.
legendary
Activity: 2912
Merit: 1068
WOLF.BET - Provably Fair Crypto Casino
October 14, 2014, 06:55:00 AM
#49
I wish I had so much BTC in my wallet....
newbie
Activity: 1
Merit: 0
October 14, 2014, 06:28:53 AM
#48
Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is  ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service ,  so I didnt  care Certificate warning  , and finally lead to the MITM , and I think the Hacker did not get my password,  the transfer  based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .



BTW    I'm not the only Victim ,  You can check the hacker address  : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f  click some TXID, You will see all transactions  Relayed by IP : Blockchain.info



Sorry for my english.
legendary
Activity: 3990
Merit: 1385
October 14, 2014, 05:51:33 AM
#47
Hacking gets in by accessing one of the computers that people type on. It doesn't generally happen by somebody hacking the blockchain or a password. We need to protect our computers from the hacking that happens because the ISP isn't protected well enough. We need MaidSafe. They are ready for you to download their setup. And if you want to start programming for them, they are ready for that, as well.

Smiley
member
Activity: 139
Merit: 10
October 14, 2014, 04:18:53 AM
#46
His browser either got hijacked with spyware or his OS. Then the second option would be that the tor exit node falsified the http/ssl certificate to be able to sniff on the password, the last is very unlikely.


If you're storing that much bitcoins one would be wise to store them offline.... Or at least on a separate Linux pc only used to store bitcoins running a good secure wallet.
hero member
Activity: 658
Merit: 500
October 14, 2014, 04:13:37 AM
#45
Here's the recipe for fairly secure storage of your crypto-wealth:

  • Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
  • Encrypted wallet(s), keeping the passwords in head or keepass.
  • Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.

and 100% of false security.

Any wallet thats online, encrypted or not is not safe, period.

Luckily, we have multisig wallet so you can atleast keep one private key offline only for signing tx.
legendary
Activity: 1316
Merit: 1000
October 14, 2014, 04:07:00 AM
#44
Sucks if true, these scams just make BTC less appealing to the casual internet user.

If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.

Not totally true because of charge backs.  

We need bitcoin to be user friendly, maybe it takes central authority like circle and paypal to deliver this right now.
donator
Activity: 1218
Merit: 1015
October 14, 2014, 04:01:50 AM
#43
Vitalik's theory sounds pretty likely. Remote control of PC. Possible he even had some kind of VNC server running, which seems insane, but so does most of this story.
member
Activity: 75
Merit: 10
Fearless, except for those who are fearless
October 14, 2014, 03:46:22 AM
#42
Sucks if true, these scams just make BTC less appealing to the casual internet user.

If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.
This is absolutely true.
Defend your precious property.
Only keep pocket change in hot wallets.
legendary
Activity: 2296
Merit: 1014
October 14, 2014, 03:39:16 AM
#41
What a loss...
Bitcoin security is something we must solve for common computer users. It must be easy, trezor did first attempt but we must do more as community.
legendary
Activity: 2632
Merit: 1023
October 14, 2014, 02:40:34 AM
#40
any coins stored on any service are not your coins.

unless you have full control of private keys, generated offline, and enter them to a clean linux install that never touches the internet, eg signed transactions, you will be likely hacked. Sure use an online wallet for very small amounts for convenience, eg you can afford to lose $10, just remember in 4 years that $10 could be 1~10K.
/thread
legendary
Activity: 888
Merit: 1000
Monero - secure, private and untraceable currency.
October 14, 2014, 02:39:05 AM
#39
Here's the recipe for fairly secure storage of your crypto-wealth:

  • Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
  • Encrypted wallet(s), keeping the passwords in head or keepass.
  • Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.
Pages:
Jump to: