
How a Rogue Tor node hijacked Blockchain.info accounts

 

Blockchain.info security concerns

You may have noticed recent reports about people having their bitcoins stolen from Blockchain.info. Many report that their accounts have been hacked into and their coins withdrawn. What caused the recent spike in account breaches at blockchain.info?

According to Blockchain's PR account, blockchainwallet, on Reddit, the top 3 issues concerning their security are:

  • Malicious Tor exit nodes
  • Weak password management
  • Sophisticated phishing attacks

Securing your coins

Having a strong password with many different characters is a no-brainer, and I hope most of you are using different passwords for different accounts. Phishing attacks can be avoided by accessing blockchain.info by typing its address in the URL bar of your browser. We reported previously on a phishing site for blockchain.info that appeared at the top of the front page on Google because of a Google AdWords campaign. That attack wasn’t very successful because redditors brought it to Google’s attention promptly and the phishing site was taken down.

Tor nodes perform MITM attack

Lastly, the most recent security issue, which caused massive BTC losses of customer funds, was due to malicious Tor nodes. The attack was a simple and archaic MITM (man-in-the-middle) attack. In simple terms, the exit node does not know where the traffic originates (the Tor user), but it can intercept the traffic if it is not encrypted. So, when someone accessed blockchain.info, the rogue exit node would record the data being sent and extract the victim's wallet ID and password. The catch here is that Blockchain and many other sites that have users send sensitive account information encrypt their traffic using SSL. So even if somebody were looking at the packets exchanged, the information would be encrypted and the attacker would not be able to get the password.


Well, the rogue exit node was able to strip the SSL from blockchain.info. Those who looked at the upper left corner would see that they were connecting to an http:// version of the site. Without the https:// protocol the information is not encrypted, and thus you can fall victim to a MITM attack.

 Blockchain.info Onion Mirror: http://blockchatvqztbll.onion

Now, if you try to connect to blockchain.info using Tor, you will get the above message. Blockchain has made a .onion mirror which ensures the integrity and encryption of traffic. Furthermore, it looks like they fixed a bug where you could connect to an SSL-stripped version of the site, which is yet another preventative measure against a MITM vulnerability.

Blockchain.info uses something called HSTS. It forces all your requests to go over https if you have ever accessed the site over https before. Now, when somebody accesses Blockchain by typing http://, the HSTS header is not sent to force those https connections, and the Tor Browser Bundle by default will not save the HSTS header either. That leaves rogue exit nodes free to start doing redirects. What Blockchain could do is serve a static page for any incoming http connection that tells the user to reconnect using https; that way the HSTS header would be set and the user would end up accessing the site over a secure, encrypted connection.

Overall blockchain.info is a reliable and competent wallet service which was able to identify and solve a problem it had no obligation to solve. I recommend this wallet service to anyone new to bitcoin. Their mobile app is extremely slick and responsive and makes it simple to send and receive coins.


Mark Arguinbaev
