Bitcoin Forum

Economy => Service Discussion => Topic started by: lonari on November 01, 2014, 05:14:05 PM



Title: Funds stolen from blockchain.info
Post by: lonari on November 01, 2014, 05:14:05 PM
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?


Title: Re: Funds stolen from blockchain.info
Post by: letyouearn on November 01, 2014, 05:54:13 PM
How is it possible, buddy? How can anyone steal bitcoins from your blockchain wallet without knowing your identifier and password? I am totally confused about this issue. If this is really happening, then I have to stop using blockchain and transfer all my funds to a secure BTC wallet.


Title: Re: Funds stolen from blockchain.info
Post by: lonari on November 01, 2014, 06:18:06 PM
I think it has something to do with malicious Tor exit nodes.

So whatever you do, don't use Tor with web wallets  >:(


Title: Re: Funds stolen from blockchain.info
Post by: PolarPoint on November 01, 2014, 06:19:26 PM
You should search the forum about blockchain.info wallets and tor. You are not the only one with funds stolen. Tor and web wallets don't mix.


Title: Re: Funds stolen from blockchain.info
Post by: cma3 on November 01, 2014, 06:22:17 PM
Sounds familiar:

https://bitcointalk.org/index.php?topic=821829




Title: Re: Funds stolen from blockchain.info
Post by: xcapator on November 01, 2014, 11:04:33 PM
Do not use TOR to access your wallet / blockchain.info. I believe you were the victim of a man-in-the-middle attack; there is a known POODLE vulnerability in TLS/SSL that's being exploited in the TOR network.

Similar thread:
https://bitcointalk.org/index.php?topic=828238.0


Title: Re: Funds stolen from blockchain.info
Post by: lonari on November 02, 2014, 06:13:38 AM
I know it's not a huge amount, but do I have any recourse?


Title: Re: Funds stolen from blockchain.info
Post by: TheNinja on November 02, 2014, 06:46:28 AM
1.8 BTC isn't a huge amount?...Damn I wish I had that much. It's hard to get it back...particularly due to the nature of cryptocurrency


Title: Re: Funds stolen from blockchain.info
Post by: Domino on November 02, 2014, 07:59:27 AM
I know it's not a huge amount, but do I have any recourse?

Bitcoin transactions are irreversible and I am afraid you won't be able to get your bitcoin back.


Title: Re: Funds stolen from blockchain.info
Post by: pooya87 on November 02, 2014, 10:18:57 AM
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?
How is this possible? I see a lot of posts about losing bitcoins while using Tor, but all of them have one thing in common: they don't have 2FA.
Are you sure you didn't mess up, like using the wrong recipient address?


Title: Re: Funds stolen from blockchain.info
Post by: HQLD on November 02, 2014, 10:54:14 AM
I also know somebody who has had the same experience. If the exit node is run by a criminal you may lose all your coins.


Title: Re: Funds stolen from blockchain.info
Post by: thompete on November 02, 2014, 10:57:08 AM
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?
How is this possible? I see a lot of posts about losing bitcoins while using Tor, but all of them have one thing in common: they don't have 2FA.
Are you sure you didn't mess up, like using the wrong recipient address?

It has something to do with JavaScript and Tor running along. There are a lot of security issues doing it, and there have been several cases of this happening.


Title: Re: Funds stolen from blockchain.info
Post by: Spoetnik on November 02, 2014, 11:01:14 AM
I also know somebody who has had the same experience. If the exit node is run by a criminal you may lose all your coins.

Far more likely than a man in the middle attack.


Title: Re: Funds stolen from blockchain.info
Post by: Gleb Goodston on November 02, 2014, 06:39:42 PM
Yes Tor & any online wallet don't mix & you should expect to lose everything. Never access with Tor you will regret it. It's the same with emails and other things too.


Title: Re: Funds stolen from blockchain.info
Post by: hamza171 on November 03, 2014, 12:03:49 AM
So how is TOR safe if someone can do this?



Title: Re: Funds stolen from blockchain.info
Post by: MystPhysX on November 04, 2014, 05:58:33 AM
So how is TOR safe if someone can do this?


This is using the POODLE exploit, it's genius. Only way to stop it is to disable SSL 3.0 on both ends. So using TOR only makes the MITM part easier, it's not that TOR is the only way to accomplish this.


Title: Re: Funds stolen from blockchain.info
Post by: kruhft on November 04, 2014, 06:20:56 AM
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?

Looks like whoever it is has been pretty active: https://blockchain.info/address/1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7


Title: Re: Funds stolen from blockchain.info
Post by: sionsandman on November 04, 2014, 12:05:55 PM
Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?

Looks like whoever it is has been pretty active: https://blockchain.info/address/1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

WOW  :o


Title: Re: Funds stolen from blockchain.info
Post by: ranochigo on November 04, 2014, 12:09:28 PM
So how is TOR safe if someone can do this?


Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.


Title: Re: Funds stolen from blockchain.info
Post by: marcelus on November 05, 2014, 06:32:26 PM
So how is TOR safe if someone can do this?


Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

It's exit nodes that are the problem.


Title: Re: Funds stolen from blockchain.info
Post by: PolarPoint on November 05, 2014, 07:11:02 PM
Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.


Title: Re: Funds stolen from blockchain.info
Post by: Tstar on November 06, 2014, 07:37:55 AM
People who were using TOR to access blockchain faced this problem.
It was an issue with an exit node on the Tor network.


Title: Re: Funds stolen from blockchain.info
Post by: ranochigo on November 06, 2014, 07:48:21 AM
Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.
Traffic coming out of Tor exit nodes is unencrypted. Rogue exit nodes can potentially capture unencrypted information transmitted using HTTP instead of HTTPS. Alternatively, vulnerabilities in HTTPS can allow those exit nodes to see encrypted information and capture your passwords.


Title: Re: Funds stolen from blockchain.info
Post by: P4man on November 06, 2014, 08:40:06 AM
blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldn't be confined to Tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic, to put it mildly.


Title: Re: Funds stolen from blockchain.info
Post by: dooglus on November 06, 2014, 07:45:22 PM
blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldn't be confined to Tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic, to put it mildly.

That's not true. In order to use the POODLE exploit you need to be able to modify the stream, not just read it.

The problem is only with webservers which allow SSL3. Everyone should disable SSL3 to prevent the attack.

blockchain.info uses cloudflare, which seems to mean they don't use SSL3 - which leaves me wondering how this attack is being successful.
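
Added example, not part of the thread or any poster's code: a server-side audit for the "disable SSL3" advice above, flagging web server configuration lines that still leave SSLv3 enabled. The config snippets are constructed samples; `ssl_protocols` (nginx) and `SSLProtocol` (Apache mod_ssl) are the real directive names, and the token handling is a conservative simplification that assumes `all` includes SSLv3.

```python
import re

# Directives that select protocol versions:
# nginx uses ssl_protocols, Apache mod_ssl uses SSLProtocol.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)

def sslv3_enabled(tokens):
    """Walk protocol tokens left to right; report whether SSLv3 ends up enabled."""
    enabled = False
    for tok in tokens:
        sign, name = ("-", tok[1:]) if tok.startswith("-") else ("+", tok.lstrip("+"))
        if name.lower() in ("sslv3", "all"):  # assumption: "all" includes SSLv3
            enabled = (sign == "+")
    return enabled

def audit(config_text):
    """Return [(line_no, line)] for every directive that leaves SSLv3 enabled."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and sslv3_enabled(m.group(2).split()):
            findings.append((no, line.strip()))
    return findings

# Constructed sample configurations (not taken from any real site).
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2;
}
"""
APACHE_SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
"""

if __name__ == "__main__":
    for no, line in audit(NGINX_SAMPLE) + audit(APACHE_SAMPLE):
        print(f"line {no}: SSLv3 still enabled -> {line}")
```

A virtual host with no protocol directive at all is not flagged here; it inherits the server build's default, which has to be checked separately.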