
How a Rogue Tor node hijacked Blockchain.info accounts

 

Blockchain.info security concerns

You may have noticed recent reports about people having their bitcoins stolen from Blockchain.info. Many report that their accounts have been hacked into and their coins withdrawn. What caused the recent spike in account breaches at blockchain.info?

According to the blockchain PR account blockchainwallet on reddit, the top 3 issues concerning their security are:

  • Malicious Tor exit nodes
  • Weak password management
  • Sophisticated phishing attacks

Securing your coins

Having a strong password with many different characters is a no-brainer, and I hope most of you are using different passwords for different accounts. Phishing attacks can be avoided by accessing blockchain.info by typing its address in the URL bar of your browser. We reported previously about a phishing site for blockchain.info which appeared at the top of the front page on Google because of a Google AdWords campaign. That attack wasn't very successful because redditors brought it to Google's attention promptly and the phishing site got taken down.

Tor nodes perform MITM attack

Lastly, the most recent security issue, which caused massive BTC losses of customer funds, was due to malicious Tor nodes. The attack was a simple and archaic MITM (man-in-the-middle) attack. In simple terms, the exit node does not know where the traffic originates from (the Tor user), but it can intercept the traffic if it is not encrypted. So, when someone accessed blockchain.info, the rogue exit node would record the data being sent and extract the victim's wallet ID and password. The catch here is that Blockchain.info and many other sites that have the user send sensitive account information encrypt their traffic using SSL. So even if somebody was looking at the packets exchanged, the information would be encrypted and the attacker would not be able to get the password.


Well, the rogue exit node was able to strip the SSL from blockchain.info. Those who looked at the upper left corner would have seen that they were connecting to an http:// version of the site. Without the https:// protocol the information is not encrypted, and thus you can fall victim to a MITM attack.

 Blockchain.info Onion Mirror: http://blockchatvqztbll.onion

Now, if you try to connect to blockchain.info using Tor you will get the above message. Blockchain.info has made a .onion mirror which ensures the integrity and encryption of traffic. Furthermore, it looks like they fixed a bug where you could connect to an SSL-stripped version of the site, which is yet another preventative measure against a MITM vulnerability.

Blockchain.info uses something called HSTS (HTTP Strict Transport Security). It forces all your requests to go through https if you have ever accessed the site with https before. However, when somebody accesses Blockchain.info by typing http://, the HSTS header is not sent to force those https connections, and the Tor Browser Bundle by default will not save the HSTS header either. That leaves rogue exit nodes free to start doing redirects. What Blockchain.info could do is serve a static page for any incoming http connection and tell the user to reconnect using https; that way the HSTS header would be set and the user would end up accessing the site over a secure, encrypted connection.
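The HSTS behaviour described above, as a small model of a browser's HSTS store following RFC 6797. This is an added example, not code from Blockchain.info or Tor Browser; the host wallet.example, the header values and the names HstsStore and firstRequest are constructed for illustration. It shows why a header received over plain http:// is ignored and why a client that discards its HSTS state sends a typed http:// request in cleartext:

```javascript
// Model of a browser-side HSTS store (RFC 6797). Sample data is constructed.
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Record a Strict-Transport-Security header. The header is only honoured
  // on HTTPS responses; over plain HTTP it is ignored, because an on-path
  // attacker could otherwise inject or remove it.
  note(url, headerValue, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || !headerValue) return false;
    const directives = headerValue.split(';').map(d => d.trim().toLowerCase());
    const maxAge = directives.map(d => /^max-age="?(\d+)"?$/.exec(d)).find(Boolean);
    if (!maxAge) return false;                      // max-age is mandatory
    const seconds = Number(maxAge[1]);
    if (seconds === 0) { this.hosts.delete(u.hostname); return true; }
    this.hosts.set(u.hostname, {
      expires: now + seconds * 1000,
      includeSubDomains: directives.includes('includesubdomains'),
    });
    return true;
  }

  // True if the host, or a parent that set includeSubDomains, has a live entry.
  isKnown(host, now) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // The URL the browser actually requests when the user types `url`.
  resolve(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}

// Scenario from the article: the user visited over https once, then types
// http:// a day later. persistStore=false models a client that does not keep
// HSTS state between sessions, as the article says of the Tor Browser Bundle.
function firstRequest(persistStore) {
  const t0 = 0, day = 86400 * 1000;
  let store = new HstsStore();
  store.note('https://wallet.example/', 'max-age=31536000; includeSubDomains', t0);
  if (!persistStore) store = new HstsStore();      // state discarded
  return store.resolve('http://wallet.example/login', t0 + day);
}
```

With the store persisted the typed http:// URL is upgraded before any packet leaves the browser; with the store discarded the request goes out in cleartext, which is the window an SSL-stripping exit node needs.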

Overall blockchain.info is a reliable and competent wallet service which was able to identify and solve a problem it had no obligation to solve. I recommend this wallet service to anyone new to bitcoin. Their mobile app is extremely slick and responsive and makes it simple to send and receive coins.


Mark Arguinbaev
