Author Topic: Tor+Blockchain wallet hacked? 633 btc loss  (Read 14301 times)
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
October 13, 2014, 04:01:49 PM
 #21

can't believe that owner of 775 btc who is too lazy to protect his/her btc ....should be more careful it's too shocking news he lost almost 236740$ it can change one's whole life....

other guys lost much more and they studied "computer science"

actually we don't know anything about this case. i doubt it was because of Tor. i think it was his shitty computer (malware etc).

trout
Sr. Member
****
Offline Offline

Activity: 333
Merit: 252


View Profile
October 13, 2014, 05:20:27 PM
 #22

probably a man-in-the-middle attack performed by a TOR exit node.

just a reminder that in general it is not a good idea to use TOR to access
clearnet (that is, "normal" web addresses, as opposed to TOR hidden services).
What TOR makes secure in this case is the connection to the so-called TOR exit
node, which connects for you to your destination address, and sends you
the data back over the TOR network, thus acting as a proxy.  However, you are effectively trusting
the exit node not to fiddle with the data it forwards. Since the exit node can be
anybody (you can set up one, too), there is really no reason to trust it.
In particular, they can redirect your blockchain.info request to a fake site,
or strip your communication of its SSL and read all of it.

If you still want to use TOR to access clear net, and want to make this secure,
you have to download and install SSL certificates of every site you are going to use, in this
case of blockchain.info.
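
The two outcomes trout describes, a substituted certificate and stripped SSL, can be told apart by comparing what the connection presents against a fingerprint saved earlier over a trusted link. This is an added example, not part of trout's post and not blockchain.info code; the certificate bytes are constructed stand-ins, and `PINS`, `check_pin` and `check_live` are hypothetical names.

```python
import hashlib
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_DER = b"constructed DER bytes: certificate saved over a trusted link"
SUBSTITUTE_DER = b"constructed DER bytes: certificate swapped in on the path"
GENUINE_PEM = ssl.DER_cert_to_PEM_cert(GENUINE_DER)
SUBSTITUTE_PEM = ssl.DER_cert_to_PEM_cert(SUBSTITUTE_DER)


def fingerprint(pem):
    """SHA-256 over the DER encoding of a PEM certificate, as hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


# Hypothetical pin store: fingerprints recorded once over a connection you
# trust. A leaf-certificate pin stops matching when the site rotates its
# certificate, so a real store needs a way to add the new pin out of band.
PINS = {"blockchain.info": {fingerprint(GENUINE_PEM)}}


def check_pin(host, presented_pem, pins=PINS):
    """Classify what the connection presented for `host`.

    presented_pem is None when the page arrived over plain HTTP, which is
    what a stripped-SSL session looks like from the client side.
    """
    expected = pins.get(host)
    if not expected:
        return "unpinned"      # nothing saved for this host, cannot judge
    if presented_pem is None:
        return "no-tls"        # pinned host answered without a certificate
    if fingerprint(presented_pem) in expected:
        return "ok"
    return "mismatch"          # certificate differs from the saved one


def check_live(host, port=443, pins=PINS):
    """Fetch the certificate over this process's network path and check it."""
    return check_pin(host, ssl.get_server_certificate((host, port)), pins)


if __name__ == "__main__":
    for label, pem in [("genuine", GENUINE_PEM),
                       ("substituted", SUBSTITUTE_PEM),
                       ("plain http", None)]:
        print(label, "->", check_pin("blockchain.info", pem))
```

Anything other than `ok` for a pinned host is a reason to stop before typing a wallet password.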

nelruk
Member
**
Offline Offline

Activity: 115
Merit: 11

Bitcoin is revolution


View Profile WWW
October 13, 2014, 05:31:13 PM
 #23

I know I'm gonna talk about what other people said, and besides we're talking about something that happened.

In other posts where people claimed their BTC was stolen the same thing happened, and I mean a common factor, which is an online wallet. I know (if it is true of course) this won't work for what they stole from you, but it's important to remark on and use an offline wallet account when you have >100BTC, and it is only for your security.

Most people in this forum and Reddit say Armory is a good and easy one to use. I own <10BTC but either way it is hard to lose something invested and, more important, to leave BTC with a bad image.

Bitcoin is revolution. Visit http://bitcoinlandia.net my personal blog about bitcoin in Spanish
odolvlobo
Legendary
*
Offline Offline

Activity: 4298
Merit: 3214



View Profile
October 13, 2014, 07:58:00 PM
Last edit: October 15, 2014, 06:33:07 PM by odolvlobo
 #24

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
PhilipMorris
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
October 13, 2014, 09:32:30 PM
 #25

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.
doubleredrolex
Full Member
***
Offline Offline

Activity: 211
Merit: 100

I Believe


View Profile
October 13, 2014, 10:27:28 PM
 #26

Need a good password program and 2FA login security for sure.
tzortz
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500



View Profile
October 13, 2014, 10:30:19 PM
 #27

Holly, this is huge!

All is Mine!

1H7LUdfx9AFTMSXPsCBror3RDk57zgnc2R
BTCmoons
Full Member
***
Offline Offline

Activity: 173
Merit: 100


View Profile
October 13, 2014, 10:33:20 PM
 #28

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSL certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
October 13, 2014, 10:42:43 PM
 #29

I was exploring this (1AaAYSunThcnsMdvgRqfCMKF68KacjM98f) address to find some clues, and I just found that this address perhaps is connected to some previous scams (perhaps - not proved for sure...)

One of the transactions.

Sender address is connected with https://bitcointalk.org/index.php?topic=744692.msg8460225#msg8460225.

But well ... it doesn't change anything... maybe someone will find something more interesting about it. But it might be just a waste of time.

Thing is to be careful if you are using Tor.


the blockchain.info wallet is a html5/javascript local client.

tor and javascript are known to not go well together for security reasons. it's recommended to have javascript disabled when using tor.

go figure.
PhilipMorris
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
October 13, 2014, 11:02:17 PM
 #30

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSL certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not many people will notice.
luckyluigi
Member
**
Offline Offline

Activity: 239
Merit: 10


View Profile
October 14, 2014, 02:46:39 AM
 #31

Well, the other day I left 250k laying on my table, and when I came back to the house, my new maid had stolen it all! Happens to the best of us.
SomethingElse
Full Member
***
Offline Offline

Activity: 210
Merit: 100

Looking for the next big thing


View Profile
October 14, 2014, 03:16:49 AM
 #32

that is soooo terrible.

thanks for posting. 

I just have a few bitcoin but I will remember this. 

NEM
TrailingComet
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
October 14, 2014, 05:07:29 AM
 #33

Mindbogglingly scary stuff. Can't imagine how the affected guy feels. What will he do if btc ever really does take off. The psychological costs of theft on this scale must be acute

Window2Wall
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
October 14, 2014, 06:45:11 AM
 #34

I was exploring this (1AaAYSunThcnsMdvgRqfCMKF68KacjM98f) address to find some clues, and I just found that this address perhaps is connected to some previous scams (perhaps - not proved for sure...)

One of the transactions.

Sender address is connected with https://bitcointalk.org/index.php?topic=744692.msg8460225#msg8460225.

But well ... it doesn't change anything... maybe someone will find something more interesting about it. But it might be just a waste of time.

Thing is to be careful if you are using Tor.


the blockchain.info wallet is a html5/javascript local client.

tor and javascript are known to not go well together for security reasons. it's recommended to have javascript disabled when using tor.

go figure.
It is generally not efficient to look at individual transactions to try to track down where stolen bitcoin went. Someone could easily create a new address to receive the stolen bitcoin and then use a mixer to hide where he wants them to eventually end up
nextblast
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
October 14, 2014, 06:57:51 AM
 #35

I saw it in the Chinese section too. It's kind of hard to believe, since Blockchain just got a lot of money from VC.
seriouscoin
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


View Profile
October 14, 2014, 07:14:15 AM
 #36

This person has probably been attacked with a man in the middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSL certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

They can even inject fake SSL-lock icons inside your browser. Not many people will notice.

you don't get it, do you? lol at your research... looks like you have to spend a lot more time.
seriouscoin
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


View Profile
October 14, 2014, 07:16:34 AM
 #37

I saw it in the Chinese section too. It's kind of hard to believe, since Blockchain just got a lot of money from VC.

This has nothing to do with Blockchain.info, idiot.

The whole wallet encryption and decryption is done client side, blockchain.info doesn't store shit.
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1032



View Profile WWW
October 14, 2014, 07:24:09 AM
 #38

On Tor, you are allowing someone to be a man-in-the-middle. The exit node can see and intercept all traffic between you and the website, can present a fake phishing site to you, can record all traffic, can wrap SSL in their own certificate, etc. It is anonymous but not secure.

It is more likely that the computer was trojaned though. The PC cannot be trusted, it should be wiped and reloaded. It is not a good idea to let your "friends" use your computer that accesses your Bitcoins, many people would find 600 BTC + more valuable than a friendship.
btcxyzzz
Legendary
*
Offline Offline

Activity: 888
Merit: 1000

Monero - secure, private and untraceable currency.


View Profile WWW
October 14, 2014, 07:39:05 AM
 #39

Here's the recipe for fairly secure storage of your crypto-wealth:

  • Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
  • Encrypted wallet(s), keeping the passwords in head or keepass.
  • Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.

Token Bubbles – Transforming the ICO Rating and Analysis Space.
jubalix
Legendary
*
Offline Offline

Activity: 2618
Merit: 1022


View Profile WWW
October 14, 2014, 07:40:34 AM
Last edit: October 14, 2014, 08:50:47 PM by jubalix
 #40

any coins stored on any service are not your coins.

unless you have full control of private keys, generated offline, and enter them to a clean linux install that never touches the internet, eg signed transactions, you will be likely hacked. Sure use an online wallet for very small amounts for convenience, eg you can afford to lose $10, just remember in 4 years that $10 could be 1~10K.
/thread

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065