Malicious Bitcoin Address Rewrites

[dissipate]

Has anyone considered a rather cheap but effective attack on someone using Bitcoin? It seems to me that all someone would need to do to potentially steal a bunch of coins from someone is to simply set up some kind of network sniffer that detects any Bitcoin addresses being sent, and rewrites them with an address from the attacker's wallet. For instance, if I am using Bitcoin at work, a malicious sysadmin could set up a proxy server that automatically rewrites all unencrypted Bitcoin addresses I am receiving with addresses from his own Bitcoin wallet. This wouldn't work for web sites that were loading with HTTPS, but it would work for any other unencrypted traffic it seems. This could be really bad if someone messaged me a Bitcoin address to send a bunch of BTC to and it got rewritten. I bet the opposite could be done as well, where the attacker rewrites all Bitcoin addresses going out. I try to submit a withdrawal address to someone or some site, and it gets rewritten with the attacker's address, so they receive any BTC that gets cashed out. Any way to stop this attack?

[1715444458]

1715444458

[1715444458]

1715444458

[1715444458]

1715444458

[benjamindees]

Yes, you are correct that this is a weak point in performing a Bitcoin transaction.  One way to mitigate it is with a vanity address.

1SLAND4JQt2mhypA6cR7TSh2UunW4NU4y

[flyable]

I think every message is signed with the private key. You can not modify it.

[dissipate]

I think every message is signed with the private key. You can not modify it.

A Bitcoin transaction is signed with the private key, but public addresses can certainly be rewritten on the fly.

[Foxpup]

This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already?

I think every message is signed with the private key. You can not modify it.

True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address.

[flyable]

This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already?

I think every message is signed with the private key. You can not modify it.

True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address.

The same logic for the paypal email, the bank account...

[dissipate]

This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already?

I think every message is signed with the private key. You can not modify it.

True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address.

In theory, every Bitcoin address received should be encrypted. However, in practice, this probably isn't going to happen. Just as an example, a lot of the sites here: https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects have their donation Bitcoin address on an unencrypted web page. If I tried to send a large donation to one of those sites, the Bitcoin address could fairly easily be rewritten upon page load.

[luv2drnkbr]

No, transactions are signed with the private key of the sending address.  This can be verified using the public key, ie the sender's address.  Any alteration to the plain text would make the signature verification fail.  This is standard public key cryptography.

Public key cryptography means that one address can send a message aka a transaction out to the network and everybody can verify that the message has not been altered.  So a man in the middle attack could only stop the transaction from being sent out in the network by blocking it (or altering it so it would be rejected and never get in a block).  Just changing the sent to address is not possible.

[Foxpup]

The same logic for the paypal email, the bank account...

...implies that PayPal sucks (as if we didn't already know that) and that if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does.

In theory, every Bitcoin address received should be encrypted. However, in practice, this probably isn't going to happen. Just as an example, a lot of the sites here: https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects have their donation Bitcoin address on an unencrypted web page. If I tried to send a large donation to one of those sites, the Bitcoin address could fairly easily be rewritten upon page load.

You mean signed, not encrypted, but otherwise you are correct. Of course, it's not necessary to use HTTPS for this - GPG and Web of Trust works too, assuming people are diligent about verifying signatures. Though obviously you shouldn't sign your Bitcoin address with itself and think you've done something useful...

No, transactions are signed with the private key of the sending address.  This can be verified using the public key, ie the sender's address.  Any alteration to the plain text would make the signature verification fail.  This is standard public key cryptography.

Public key cryptography means that one address can send a message aka a transaction out to the network and everybody can verify that the message has not been altered.  So a man in the middle attack could only stop the transaction from being sent out in the network by blocking it (or altering it so it would be rejected and never get in a block).  Just changing the sent to address is not possible.

Please re-read the original post. This question has nothing to do with modifying Bitcoin transactions, it is about modifying Bitcoin addresses as they appear on a webpage, before a transaction is made in order to trick users into sending coins to the attacker's address.

[Herodes]

Has anyone considered a rather cheap but effective attack on someone using Bitcoin? It seems to me that all someone would need to do to potentially steal a bunch of coins from someone is to simply set up some kind of network sniffer that detects any Bitcoin addresses being sent, and rewrites them with an address from the attacker's wallet. For instance, if I am using Bitcoin at work, a malicious sysadmin could set up a proxy server that automatically rewrites all unencrypted Bitcoin addresses I am receiving with addresses from his own Bitcoin wallet. This wouldn't work for web sites that were loading with HTTPS, but it would work for any other unencrypted traffic it seems. This could be really bad if someone messaged me a Bitcoin address to send a bunch of BTC to and it got rewritten. I bet the opposite could be done as well, where the attacker rewrites all Bitcoin addresses going out. I try to submit a withdrawal address to someone or some site, and it gets rewritten with the attacker's address, so they receive any BTC that gets cashed out. Any way to stop this attack?

That's why you use PGP, HTTPS or other encryption methods.

[flyable]

...implies that PayPal sucks (as if we didn't already know that) and that if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does.

The thief can modify the "paypal donate button" on the website which is not using SSL to protect it...
Yes, it is a problem for bitcoin(a P2P coin). There is no "complaint process" like paypal.
Only the bitcoin address on the HTTPS site is trustable. I think most of people(include me) do not aware about this. Thanks for your post!

[repentance]

Didn't this actually happen on some website last year when people were C&Ping their Bitcoin address?  I'm sure there was a thread about it and people were being advised to double check the address in the field before hitting submit because it was being changed.

[Mike Hearn]

Yes, this is an obvious problem that the team has known about for a long time. Related: a virus on your computer that rewrites addresses.

The solution is to move the community away from putting raw addresses into text and documents in favor of bitcoin: URLs, which contain the address but also a verification endpoint like "amazon.com" or "my-social-network.com/user1234". Then there is a simple protocol to prove ownership of a given address by signing a nonce with the associated private key. What you then see in your software/second-factor/phone/etc is not the address (which is meaningless anyway) but the domain name/path, or verified identity string of the receipient (eg EV SSL can do this).

[n8rwJeTt8TrrLKPa55eU]

Not sure if this is what Mike is referring to, but there was another thread somewhere proposing adding Bitcoin address records to DNS, whereby domains could self-associate valid receiving addresses, deprecate old addresses, and do other kinds of nifty things.  That could also be used as a cheap second level address verification system by clients, presenting additional info to users as to what associated domain their funds are being sent to, prior to approving the transaction.  Not perfect, subject to all the caveats about DNS spoofing and such, but still better than the current situation.

[dissipate]

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

[ElectricMucus]

You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses.

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

You can connect to satoshidice using their selfsigned ssl though.

[dissipate]

You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses.

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

You can connect to satoshidice using their selfsigned ssl though.

That triggered a security alert in my browser. Not good.

[ElectricMucus]

You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses.

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

You can connect to satoshidice using their selfsigned ssl though.

That triggered a security alert in my browser. Not good.

That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards.

[dissipate]

You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses.

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

You can connect to satoshidice using their selfsigned ssl though.

That triggered a security alert in my browser. Not good.

That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards.

In my opinion this is pretty bad. People probably aren't exploiting this now because they don't know about Bitcoin, but who knows in the future. These sites should definitely be using SSL with 3rd party certs.

[ElectricMucus]

You are speaking of a man-in-the middle attack which is not surprising that it would be possible to exploit it. It's not an exploit to bitcoin per se but to the way people share addresses.

It looks like Satoshi Dice would be a prime candidate for this attack, their page doesn't use SSL: http://satoshidice.com/

Yikes!

You can connect to satoshidice using their selfsigned ssl though.

That triggered a security alert in my browser. Not good.

That's normal, because it's self signed alas no trusted 3rd party authority. If I am correct in theory if an attacker can intercept the whole connection he can break it but not if you establish the thrust using a secure connection. (lets say your home internet access) and use it (lets say you connect your notebook to your work lan) at an untrusted location afterwards.

In my opinion this is pretty bad. People probably aren't exploiting this now because they don't know about Bitcoin, but who knows in the future. These sites should definitely be using SSL with 3rd party certs.

You have to pay for those though, they are not cheap and depending on your webhost this is even somewhat of a hassle. Generally I agree.

If you are concerned as said above sign your message with your privkey using the bitcoin client and point your trade partner to verify it.

[DeathAndTaxes]

You can get entry level SSL certs for $40 or less these days.

The entry level certs are domain not entity verification and don't have the fancy "green address bar" but they do provide the same top level encrypted communication.

An example:   https://www.rapidssl.com

If someone can't afford $40 they shouldn't be working with financial data.

Hmm maybe we should offer SSL paid in BTC. 

[dissipate]

You can get entry level SSL certs for $40 or less these days.

The entry level certs are domain not entity verification and don't have the fancy "green address bar" but they do provide the same top level encrypted communication.

An example:   https://www.rapidssl.com

If someone can't afford $40 they shouldn't be working with financial data.

Hmm maybe we should offer SSL paid in BTC. 

That's what I thought. I've bought SSL certs before and it was around that price. As for buying SSL certs with Bitcoin, that would be cool but I don't think the sale could be anonymous since you have to provide some identifying info to get the cert.

[DannyHamilton]

. . . if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does . . .

. . . Please re-read the original post. This question has nothing to do with modifying Bitcoin transactions, it is about modifying Bitcoin addresses as they appear on a webpage, before a transaction is made in order to trick users into sending coins to the attacker's address . . .

I'd say the same should be true about this second point as the first.

If someone sends you sensitive bitcoin information in email or allows online access to sensitive bitcoin information without HTTPS, then there is something dreadfully wrong with their security and you should refuse to do business with them and take your business elsewhere.

 

[BladeMcCool]

you could include extra stuff that wont be so easily sniffed like some text that restates the last few digits of the address, or say "digits 10-15 of the address should read 3d2Kv1" .. might help. maybe image of the address instead of the plain text too.

also, i'm thinking that anything browsed via Tor (even regular http web site viewed through an exit node) should be safe from that kind of attack as well, because the transport is all encrypted up until your machine receives and decrypts it. with that last example, i could see malicious routers in between the exit node and the actual website being a problem however.

and with the state eventually trying to "shut down" bitcoin, and internet freedom in general, you can bet that the number of "malicious routers" outside the Tor network will be steadily on the rise. Honestly I think everyone will be using VPN+Tor for pretty much everything within a few short years. The un-onioned web will just be too risky to play on for all but the most subservient slaves.

[benjamindees]

I've been thinking for a while now that it would be nice to have a little app that could be used for "reputation management" with Bitcoin.  It should integrate the -otc web of trust with pgp messaging and the ability to sign with Bitcoin keys.  Perhaps it could be integrated with websites as well, like Bitmit, and recognize self-signed SSL certs.  Basically just tie everything together, to give the average user a layer of identity services to use with Bitcoin.