Categories: News

How a Rogue Tor node hijacked Blockchain.info accounts

 

Blockchain.info security concerns

You may have noticed recent reports about people having their bitcoins stolen from Blockchain.info. Many report that their accounts have been hacked into and their coins withdrawn. What caused the recent spike in account breaches at blockchain.info?

According to the blockchain PR account blockchainwallet on reddit, the top 3 issues concerning their security are:

  • Malicious Tor exit nodes
  • Weak password management
  • Sophisticated phishing attacks

Securing your coins

Having a strong password with many different characters is a no brainer and I hope most of you are using different passwords for different accounts. Phishing attacks can be avoided by accessing blockchain.info by typing it’s address in the url bar in your browser. We reported previously about a phishing site for blockchain.info

which appeared at the top of the front page on google because of a google adword campaign. That attack wasn’t very successfull because redditors brought it to google’s attention prompty and the phishing site got taken down.

Tor nodes perform MITM attack

Lastly, the most recent security issue which caused massive btc losses for customer funds was due to malicious Tor nodes. The attack was a simple and archaic MITM (man in the middle) attack. In simple terms the exit node does not know where the traffic originates from (the TOR user) but it can intercept the traffic if it is not encrypted. So, when someone accessed blockchain.info the rogue exit node would record the data being send and extract a victims wallet ID and the password. The catch here is that blockchain and many other sites that have the user send sensitive account information encrypt their traffic using SSL. So even if somebody was looking at the packets exchanged the information would be encrypted and the attacker would not be able to get the password.

Related Post

Well, the rogue exit node was able to strip the SSL from blockchain.info. Those who noticed in the upper left corner would see that they are connecting to a http:// version of the site. When not using https:// protocol the information is not encrypted and thus you can fall victim to a MITM attack.

 Blockchain.info Onion Mirror: http://blockchatvqztbll.onion

Now, if you try to connect to blockchain.info using tor you will get the above message. Blockchain has made a .onion mirror which ensure the integrity and encryption of traffic. Furthermore, it looks like they fixed a bug where you could connect to a SSL stripped version of the site, which is yet another preventative measure to a MITM vulnerability.

Blockchain.info uses something that is called HSTS. What it does is force all your request to go through https if you ever accessed the site with https before. Now, when somebody accesses blockchain by typing http:// then the HSTS header is not sent to force those https connections, and the tor browser bundle by default will not save the HSTS header either. That leaves rogue exit nodes free to start doing redirects. What blockchain could do is set a static page for any incoming http connection and tell the user to reconnect using https that way the HSTS header would be set and the user would end up accessing the site over a secure, encrypted connection.

Overall blockchain.info is a reliable and competent wallet service which was able to identify and solve a problem it had no obligation to solve. I recommend this wallet service to anyone new to bitcoin. Their mobile app is extremely slick and responsive and makes it simple to send and receive coins.

Follow us on twitter @themerklenews for the latest bitcoin related news which include bitcoin market analysis with market price prediction.

Mark Arguinbaev

I'm a 29 year old cryptocurrency entrepreneur. I was introduced to Bitcoin in 2013 and have been involved with it ever since. Fun Fact: I mined cryptocurrency using my college dorm room's free electricity.

Share
Published by
Mark Arguinbaev

Recent Posts

NYC Student Finds Fortune in BONK, Now Targets BlockDAG

Julia Ramirez, NYC Student, Turns $500 BONK Bet into Huge Gain, Now Sets Sights on…

3 hours ago

Bitcoin Holds Strong Amidst Federal Reserve Cuts: Bitget & Plus Wallet at the Forefront of Web3 Breakthroughs

Why Plus Wallet is the Go-To for Bitcoin Enthusiasts & Bitget Traders Alike As Bitcoin…

5 hours ago

Best Crypto’s To Buy This Winter: LNEX, INJ, PEPE & XRP

As the bull run picks up steam, multiple different crypto’s from multiple different sectors will…

6 hours ago

Polkadot Price Set For Breakout in Bull Market. How Does Rollblock Compare to SOL and DOT 

Polkadot's heating up, and it looks like some other coins are right behind it. With…

6 hours ago

Crypto Market News: Solana and Pepe in Positive Market While Rollblock Presale Hits $5 Mil Mark 

Going by recent crypto market news, crypto investors are about to come upon decent profits.…

6 hours ago

Plus Wallet & Stablecoin Initiatives: Incentives, Security, & Market Tactics for 2024

Plus Wallet's Comprehensive Rewards System Takes Centrestage - Ripple & Sundog Make Waves The growing…

6 hours ago