Bitcoin Forum
Author Topic: Tor+Blockchain wallet hacked? 633 btc loss  (Read 14303 times)
Velkro
October 14, 2014, 08:39:16 AM
 #41

What a loss...
Bitcoin security is something we must solve for common computer users. It must be easy; Trezor made the first attempt, but we must do more as a community.
bitcoin_purist
October 14, 2014, 08:46:22 AM
 #42

Quote
Sucks if true, these scams just make BTC less appealing to the casual internet user.

Quote
If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.

This is absolutely true.
Defend your precious property.
Only keep pocket change in hot wallets.
Kluge
October 14, 2014, 09:01:50 AM
 #43

Vitalik's theory sounds pretty likely. Remote control of PC. Possible he even had some kind of VNC server running, which seems insane, but so does most of this story.
BitCoinNutJob
October 14, 2014, 09:07:00 AM
 #44

Quote
Sucks if true, these scams just make BTC less appealing to the casual internet user.

Quote
If you're not safe to handle bitcoins then you're not safe enough to use online banking. If you've got a keylogger then it's going to capture everything.

Not totally true because of chargebacks.

We need bitcoin to be user friendly; maybe it takes a central authority like Circle and PayPal to deliver this right now.
seriouscoin
October 14, 2014, 09:13:37 AM
 #45

Quote
Here's the recipe for fairly secure storage of your crypto-wealth:

  • Linux operating system. Updated, running rootkit/keylogger detectors from time to time.
  • Encrypted wallet(s), keeping the passwords in head or keepass.
  • Daily backup of wallets to 2 other locations, over the Internet. Fwbackups is good GUI option that uses rsync/sftp.

For extremely paranoid people, cold/offline wallets or paper-wallets, but that's a bit of an overkill, I think the first method is 99.9% safe.

and 100% of false security.

Any wallet that's online, encrypted or not, is not safe, period.

Luckily, we have multisig wallets, so you can at least keep one private key offline, only for signing tx.
LeMiner
October 14, 2014, 09:18:53 AM
 #46

Either his browser or his OS got hijacked with spyware. Then the second option would be that the Tor exit node falsified the HTTP/SSL certificate to be able to sniff the password; the last is very unlikely.

If you're storing that many bitcoins, one would be wise to store them offline... Or at least on a separate Linux PC only used to store bitcoins, running a good secure wallet.
BADecker
October 14, 2014, 10:51:33 AM
 #47

Hacking gets in by accessing one of the computers that people type on. It doesn't generally happen by somebody hacking the blockchain or a password. We need to protect our computers from the hacking that happens because the ISP isn't protected well enough. We need MaidSafe. They are ready for you to download their setup. And if you want to start programming for them, they are ready for that, as well.

honesepotato
October 14, 2014, 11:28:53 AM
 #48

Hi,

I'm the victim.
I was using Tor just to be anonymous.
I'm sure my PC is safe and does not have any malicious software.
Tor Browser was downloaded from the official website.

I'm sure this is a MITM attack.
Once, when I used Tor Browser to open BC.INFO, it warned of a certificate error; the certificate was for ***.cloudflare.com. Because BC.INFO uses the Cloudflare CDN service, and I also used the Cloudflare SSL service, I didn't care about the certificate warning, and that finally led to the MITM. I think the hacker did not get my password; the transfers were based on the transaction history of BC.INFO, and were not a one-time send of all the BTC of an address.

BTW, I'm not the only victim. You can check the hacker's address: 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f. Click some TXIDs and you will see all transactions "Relayed by IP: Blockchain.info".

Sorry for my English.
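
The certificate warning described in the post above is a hostname mismatch: the name the browser asked for was not among the names on the certificate it was served. As an added illustration (not part of the thread or any poster's code), this sketch applies simplified RFC 6125 matching rules to constructed subjectAltName lists; `placeholder.cloudflare.com` and the `.example` names are made-up stand-ins.

```python
# Added example: the hostname check a TLS client runs against a certificate's
# subjectAltName dNSName entries (RFC 6125 rules, simplified).

def _labels(name):
    # DNS names compare case-insensitively; ignore a single trailing root dot.
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard is honoured only as the whole leftmost label, covers
        # exactly one label, and needs at least two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "b*.example" are rejected outright.
    return "*" not in pattern and p == h

def verify_hostname(san_list, hostname):
    """Return (ok, reason); ok=False is the case that triggers a warning."""
    for entry in san_list:
        if san_matches(entry, hostname):
            return True, f"{hostname} covered by {entry}"
    return False, f"{hostname} not covered by {san_list}: name mismatch"

# Constructed SAN lists (assumptions, not taken from real certificates).
CDN_CERT = ["placeholder.cloudflare.com", "*.cdn-customer.example"]
SITE_CERT = ["blockchain.info", "*.blockchain.info"]

if __name__ == "__main__":
    for cert in (CDN_CERT, SITE_CERT):
        print(verify_hostname(cert, "blockchain.info"))
```

A mismatch means the TLS endpoint has not proven it is the site named in the address bar, regardless of which CDN the site normally uses.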
bitbunnny
October 14, 2014, 11:55:00 AM
 #49

I wish I had so much BTC in my wallet....

Michael98
October 14, 2014, 12:00:20 PM
 #50

It's a big loss. It is better to avoid using Tor when using our accounts.
cma3
October 14, 2014, 12:21:52 PM
 #51

Quote
Hi,

I'm the victim.
I was using Tor just to be anonymous.
I'm sure my PC is safe and does not have any malicious software.
Tor Browser was downloaded from the official website.

I'm sure this is a MITM attack.
Once, when I used Tor Browser to open BC.INFO, it warned of a certificate error; the certificate was for ***.cloudflare.com. Because BC.INFO uses the Cloudflare CDN service, and I also used the Cloudflare SSL service, I didn't care about the certificate warning, and that finally led to the MITM. I think the hacker did not get my password; the transfers were based on the transaction history of BC.INFO, and were not a one-time send of all the BTC of an address.

BTW, I'm not the only victim. You can check the hacker's address: 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f. Click some TXIDs and you will see all transactions "Relayed by IP: Blockchain.info".

Sorry for my English.

And the plot thickens.

Some things do not add up. Those with more knowledge may be able to put the pieces together here. He seems way too comfortable with the explanation of how he thinks it happened.

This almost feels like a social experiment.

Either way, it sucks to live in an environment where paranoia reigns supreme. I'm looking at you China.
PhilipMorris
October 14, 2014, 12:29:12 PM
 #52

Quote
This person has probably been attacked with a man-in-the-middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.

Quote
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSL certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

Quote
They can even inject fake SSL-lock icons inside your browser. Not many people will notice.

Quote
You don't get it, do you? LOL at your research... looks like you have to spend a lot more time.

What exactly don't I understand? I know exactly how these attacks are performed, unlike you.
Gabralkhan
October 14, 2014, 01:12:54 PM
Last edit: October 14, 2014, 01:25:58 PM by Gabralkhan
 #53

I personally had the exact same problem with a transaction.

The event happened as follows: I opened a Blockchain.info wallet through Tor Browser and initiated a Sharedcoin transfer that stayed pending with the window bugged. When I relogged to the wallet it was empty, with a transaction going out to the address mentioned in the OP.

I have a report from another user who lost about 50 BTC just by logging into the wallet through TOR; the transfers are going to the exact same address mentioned...

My computer is secure and it is not a local hack or something related to the browser at all; the common factor in all the people that have these problems is TOR.

I'm not skilled enough in hacking to explain how it is possible to hijack the https connection through a TOR node or to make these transfers happen, but it is possible for sure. I can confirm that to you personally, and I paid a lot for that...

It seems it is only related to Blockchain.info + TOR, so perhaps there are some reasons for these problems...
cr1776
October 14, 2014, 01:53:36 PM
 #54

Quote
... Then there was an error message pop up, he closed it and refreshed the wallet page...

Quote
That was probably a key moment.

Exactly. They were key logging him or had hijacked the computer and then transferred the money out. It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer. (Of course it is possible, just very unlikely.)
gog1
October 14, 2014, 02:11:43 PM
 #55

Sorry to hear about the loss, but why would anyone with so much in BTC not learn to secure their only wallet?
sandykho47
October 14, 2014, 02:16:11 PM
 #56

Never thought someone would keep his/her bitcoin in an online wallet :(
because there have often been cases of people losing bitcoin in online wallets.

Quote
sorry to hear the loss, but why would anyone with so much in BTC not learn to secure their only wallet?

Last time, there was a person who lost about 300 bitcoin, because he put them in an online wallet :(

n0rBit
October 14, 2014, 02:21:56 PM
 #57

Quote
This person has probably been attacked with a man-in-the-middle attack. I think he has used a malicious TOR exit node which was sniffing his traffic. They then messed with his SSL certificate to blockchain.info. Because of this the user was logging in at blockchain on an unsecure (HTTP) connection. The attacker was able to sniff his data, and get the password. I'm doing research into these attacks as we speak. Very frightening.

Quote
This would not work. Everything is done on the client side as far as encrypting and decrypting the wallet, creating new private keys and signing TXs. If the SSL certificate was tampered with then he should have received a warning.

The only thing a TOR exit node would have been able to do is stop the TX from being broadcast or prevent the user from accessing his wallet.

IMO TOR had nothing to do with the fact his money was stolen (if it was in fact stolen)

Quote
They can even inject fake SSL-lock icons inside your browser. Not many people will notice.

Quote
You don't get it, do you? LOL at your research... looks like you have to spend a lot more time.

Quote
What exactly don't I understand? I know exactly how these attacks are performed, unlike you.

Lol... Bitcointalk trolls are talking.
seoincorporation
October 14, 2014, 02:39:16 PM
 #58

Quote
Hi,

I'm the victim.
I was using Tor just to be anonymous.
I'm sure my PC is safe and does not have any malicious software.
Tor Browser was downloaded from the official website.

I'm sure this is a MITM attack.
Once, when I used Tor Browser to open BC.INFO, it warned of a certificate error; the certificate was for ***.cloudflare.com. Because BC.INFO uses the Cloudflare CDN service, and I also used the Cloudflare SSL service, I didn't care about the certificate warning, and that finally led to the MITM. I think the hacker did not get my password; the transfers were based on the transaction history of BC.INFO, and were not a one-time send of all the BTC of an address.

BTW, I'm not the only victim. You can check the hacker's address: 1AaAYSunThcnsMdvgRqfCMKF68KacjM98f. Click some TXIDs and you will see all transactions "Relayed by IP: Blockchain.info".

Sorry for my English.

This is weird. I have some experience in pen testing, and I'm trying to find the way it happened.

Quote
I'm sure this is MITM attack.

A man-in-the-middle attack is possible if the attack comes from the LAN network:

192.168.1.x1 ----poison router ----> 192.168.1.254 -----Victim ----> 192.168.1.x2

But if you were using TOR, a crazy idea came to my head. I don't know if it is possible to make a MITM in the TOR network, but I think there is no way to do this, only if you are the FBI and you are making the "Operation Torpedo".

windpath
October 14, 2014, 03:05:23 PM
 #59

The real question is why would someone keep ~$250k worth of BTC on a web based wallet?

Did Gox teach us nothing?

With Bitcoin you are the bank.

It's a beautiful and dangerous thing.

IMO, if you do not control and protect your private keys you are setting yourself up for disaster.

spazzdla
October 14, 2014, 03:36:47 PM
 #60

I.. I..

I only have 4-5 BTC and I am so protective I have them all in many different locations encrypted with different passes...