Tor+Blockchain wallet hacked? 633 btc loss - page 5.

seoincorporation

legendary

Activity: 3290

Merit: 3092

Quote from: honesepotato on October 14, 2014, 07:28:53 AM

Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service , so I didnt care Certificate warning , and finally lead to the MITM , and I think the Hacker did not get my password, the transfer based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .

BTW I'm not the only Victim , You can check the hacker address : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f click some TXID, You will see all transactions Relayed by IP : Blockchain.info

Sorry for my english.

This is weird, i have some emperience in pen test, and im trying to find the way it happen.

Quote

I'm sure this is MITM attack.

Man in the middle attack is posible if the attack came from the LAN network:

192.168.1.x1 ----poison router ----> 192.168.1.254 -----Victim ----> 192.168.1.x2

But if you was using TOR a crazy idea came to my head, i dont know of is posible to make a MITM in the TOR network, but i think there is no way to make this. only if you are the FBI and you are making the "Operation Torpedo".

n0rBit

newbie

Activity: 21

Merit: 0

Quote from: PhilipMorris on October 14, 2014, 08:29:12 AM

Quote from: seriouscoin on October 14, 2014, 03:14:15 AM

Quote from: PhilipMorris on October 13, 2014, 07:02:17 PM

Quote from: BTCmoons on October 13, 2014, 06:33:20 PM

Quote from: PhilipMorris on October 13, 2014, 05:32:30 PM

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. Im doing researchs to these attacks as we speak. Very frightning.

This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSl certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not much people will notice.

you dont get it do you? lol at your research... look like you have to spend alot more time.

What exactly I dont understand? I know exactly how these attacks are performed unlike you.

Lol... Bitcointalk trolls are talking.

sandykho47

sr. member

Activity: 252

Merit: 251

Knowledge its everything

Never think someone keep his/her bitcoin in online wallet Sad

Because there was often case people lose bitcoin in online wallet

Quote from: gog1 on October 14, 2014, 10:11:43 AM

sorry to hear the loss, but why would anyone with so much in BTC not learn to secure their only wallet?

Last time, there war a people who lost about 300 bitcoin. Because he put on online wallet Sad

gog1

hero member

Activity: 756

Merit: 500

sorry to hear the loss, but why would anyone with so much in BTC not learn to secure their only wallet?

cr1776

legendary

Activity: 4130

Merit: 1307

Quote from: odolvlobo on October 13, 2014, 03:58:00 PM

Quote from: hl5460 on October 13, 2014, 06:19:41 AM

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely).

Gabralkhan

newbie

Activity: 34

Merit: 0

I had personnaly the exact same problem for a transaction.

The event happened as followed, opened a Blockchain.info wallet through Tor Browser, initiated a Sharedcoin transfer that stayed pending with the window bugged, when i relogged to the wallet it was empty with a transaction going out to the address mentioned in the OP.

I have a report from another user that lost about 50 BTC with just logging into the wallet through TOR, the transfers are going to the exact same address mentioned...

My computer is secure and it is not a local hack or something related to the browser at all, the common factor in all the people that have these problems is TOR.

I'm not enough skilled in hacking to explain how it is possible to highjack the https connection through a TOR Node or to make these transfers happening, but it is possible for sure i can confirm you that personnaly and i paid a lot for that...

It seems it is only related to Blockchain.info + TOR so perhaps there are some reasons for these problems...

PhilipMorris

sr. member

Activity: 364

Merit: 250

Quote from: seriouscoin on October 14, 2014, 03:14:15 AM

Quote from: PhilipMorris on October 13, 2014, 07:02:17 PM

Quote from: BTCmoons on October 13, 2014, 06:33:20 PM

Quote from: PhilipMorris on October 13, 2014, 05:32:30 PM

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. Im doing researchs to these attacks as we speak. Very frightning.

This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSl certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not much people will notice.

you dont get it do you? lol at your research... look like you have to spend alot more time.

What exactly I dont understand? I know exactly how these attacks are performed unlike you.

cma3

newbie

Activity: 56

Merit: 0

Quote from: honesepotato on October 14, 2014, 07:28:53 AM

Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service , so I didnt care Certificate warning , and finally lead to the MITM , and I think the Hacker did not get my password, the transfer based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .

BTW I'm not the only Victim , You can check the hacker address : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f click some TXID, You will see all transactions Relayed by IP : Blockchain.info

Sorry for my english.

And the plot thickens.

Some things do not add up. Those with more knowledge may be able to put the pieces together here. He seems way too comfortable with the explanation of how he thinks it happened.

This almost feels like a social experiment.

Either way, it sucks to live in an environment where paranoia reigns supreme. I'm looking at you China.

Michael98

newbie

Activity: 4

Merit: 0

Its a big loss. It is better to avoid using tor for using our accounts.

bitbunnny

legendary

Activity: 2912

Merit: 1068

WOLF.BET - Provably Fair Crypto Casino

I wish I had so much BTC in my wallet....

honesepotato

newbie

Activity: 1

Merit: 0

Hi,

I 'm the victim.
using tor just want to anonymous.
I'm sure my PC is safe, have not any malicious software
Tor browser downloaded from official website.

I'm sure this is MITM attack.
once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service , so I didnt care Certificate warning , and finally lead to the MITM , and I think the Hacker did not get my password, the transfer based on the transaction history of BC.INFO, and not a one-time sent all BTC of an address .

BTW I'm not the only Victim , You can check the hacker address : 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f click some TXID, You will see all transactions Relayed by IP : Blockchain.info

Sorry for my english.

BADecker

legendary

Activity: 3906

Merit: 1373

Hacking gets in by accessing one of the computers that people type on. It doesn't generally happen by somebody hacking the blockchain or a password. We need to protect our computers from the hacking that happens because the ISP isn't protected well enough. We need MaidSafe. They are ready for you to download their setup. And if you want to start programming for them, they are ready for that, as well.

LeMiner

member

Activity: 139

Merit: 10

His browser either got hijacked with spyware or his OS. Then the second option would be that the tor exit node falsified the http/ssl certificate to be able to sniff on the password, the last is very unlikely.

If you're storing that much bitcoins one would be wise to store them offline.... Or at least on a separate Linux pc only used to store bitcoins running a good secure wallet.

seriouscoin

hero member

Activity: 658

Merit: 500

Quote from: btcxyzzz on October 14, 2014, 03:39:05 AM

Here's the recipe for fairly secure storage of your crypto-wealth:

Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
Encrypted wallet(s), keeping the passwords in head or keepass.
Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.

and 100% of false security.

Any wallet thats online, encrypted or not is not safe, period.

Luckily, we have multisig wallet so you can atleast keep one private key offline only for signing tx.

BitCoinNutJob

legendary

Activity: 1316

Merit: 1000

Quote from: yatsey87 on October 13, 2014, 06:31:26 AM

Quote from: robhimself on October 13, 2014, 06:21:03 AM

Sucks if true, these scams just make BTC less appealing to the casual internet user.

If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.

Not totally true because of charge backs.

We need bitcoin to be user friendly, maybe it takes central authority like circle and paypal to deliver this right now.

Kluge

donator

Activity: 1218

Merit: 1015

Vitalik's theory sounds pretty likely. Remote control of PC. Possible he even had some kind of VNC server running, which seems insane, but so does most of this story.

bitcoin_purist

member

Activity: 75

Merit: 10

Fearless, except for those who are fearless

Quote from: yatsey87 on October 13, 2014, 06:31:26 AM

Quote from: robhimself on October 13, 2014, 06:21:03 AM

Sucks if true, these scams just make BTC less appealing to the casual internet user.

If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.

This is absolutely true.
Defend your precious property.
Only keep pocket change in hot wallets.

Velkro

legendary

Activity: 2296

Merit: 1014

What a loss...
Bitcoin security is something we must solve for common computer users. It must be easy, trezor did first attempt but we must do more as community.

jubalix

legendary

Activity: 2618

Merit: 1022

any coins stored on any service are not your coins.

unless you have full control of private keys, generated offline, and enter them to a clean linux install that never touches the internet, eg signed transactions, you will be likely hacked. Sure use an online wallet for very small amounts for convenience, eg you can afford to lose $10, just remember in 4 years that $10 could be 1~10K.
/thread

btcxyzzz

legendary

Activity: 888

Merit: 1000

Monero - secure, private and untraceable currency.

Here's the recipe for fairly secure storage of your crypto-wealth:

Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
Encrypted wallet(s), keeping the passwords in head or keepass.
Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.

Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 5. (Read 14334 times)