Bitcoin Forum
Author Topic: Tor+Blockchain wallet hacked? 633 btc loss  (Read 14349 times)
tzortz
October 14, 2014, 04:09:02 PM
 #61

I have lost too, but not that amount.

I hope you find it soon.

All is Mine!

1H7LUdfx9AFTMSXPsCBror3RDk57zgnc2R
pitiflin
October 14, 2014, 09:14:44 PM
 #62

I lost 2 BTC in a similar way, using coinbase+tor

I got a "this connection is untrusted" message and when I refreshed the window the BTC were gone...

Since then I use Armory. But the funny thing is that for small amounts I changed to blockchain + tor...


rokkyroad
October 14, 2014, 09:49:55 PM
 #63

Spend the money and use a good VPN service.

Don't trust Tor with finances. Tor is fine for anonymity but not security.

Sorry for your loss.

" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
FattyMcButterpants
October 14, 2014, 11:22:32 PM
 #64

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wiki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wiki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcoin.

IMO the OP is spreading FUD more likely than not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage.
pitiflin
October 14, 2014, 11:25:39 PM
 #65

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wiki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wiki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcoin.

IMO the OP is spreading FUD more likely than not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage.

The same thing happened to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There are people literally living from stealing BTC; you shouldn't underestimate these people.


colinistheman
October 15, 2014, 03:40:03 AM
 #66

 
 
Does this explanation help you understand what happened here with this theft?



arieq
October 15, 2014, 11:14:20 PM
 #67


https://bitcointalk.org/index.php?topic=825058.0

It's caused by the POODLE vulnerability in TLS/SSL; if you use TOR to access the internet then someone might have stolen and read your traffic (read the above thread by theymos).

cr1776
October 16, 2014, 12:22:19 AM
 #68


With the recently announced POODLE flaw, I think that is probably it.  Particularly when you see "certificate doesn't match" etc.

btcduke
October 16, 2014, 12:31:49 AM
 #69

Is it really? At the thought that the lost coins will never be found, I feel a little sad.

scarsbergholden
October 16, 2014, 01:31:10 AM
 #70

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wiki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wiki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcoin.

IMO the OP is spreading FUD more likely than not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage.

The same thing happened to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There are people literally living from stealing BTC; you shouldn't underestimate these people.
Why would you use TOR to access coinbase? They already know your identity and your bank account details, therefore there is little reason to try to hide your identity to access coinbase.

It has been reported that POODLE has exploited an SSLv3 vulnerability so it is, in theory, possible that an attacker launched a zero day attack against the OP.

Jamacn
October 16, 2014, 03:37:30 AM
 #71

Bitcoin's biggest enemy is not the government? It is hackers?
zhouqi_cn
October 16, 2014, 04:09:15 AM
 #72

Why not use a cold wallet?

luv2drnkbr
October 16, 2014, 07:45:43 AM
 #73

Unfortunately OP, this is a common occurrence.  Malicious Tor exit nodes are redirecting requests to known bitcoin wallets and exchanges to their own malicious version and stealing coins.  Even in SSL connections.  Always verify the SSL certificate fingerprint and make sure it is correct when you are doing Bitcoin related things on Tor.

omegaflare
October 16, 2014, 08:34:03 AM
 #74

can't believe that owner of 775 btc who is too lazy to protect his/her btc ....should be more careful it's too shocking news he lost almost  236740$ it can change one's whole life....

other guys lost much more and they studied "computer science"  Roll Eyes

actually we don't know anything about this case. i doubt it was because of Tor. i think it was his shitty computer (malware etc).

You summed it up perfectly.

omegaflare
October 16, 2014, 08:34:42 AM
 #75

probably a man-in-the-middle attack performed by a TOR exit node.

just a reminder that in general it is not a good idea to use TOR to access
clearnet (that is, "normal" web addresses, as opposed to TOR hidden services).
What TOR makes secure in this case is the connection to the so-called TOR exit
node, which connects for you to your destination address, and sends you
the data back over the TOR network, thus acting as a proxy.  However, you are effectively trusting
the exit node not to fiddle with the data it forwards. Since the exit node can be
anybody (you can set up one, too), there is really no reason to trust it.
In particular, they can redirect your blockchain.info request to a fake site,
or strip your communication of its SSL and read all of it.

If you still want to use TOR to access clear net, and want to make this secure,
you have to download and install SSL certificates of every site you are going to use, in this
case of blockchain.info .

HTTPS everywhere is supposed to resolve this issue, no?
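
Added example, not part of any post in this thread: the certificate fingerprint check recommended in posts #73 and #75, sketched in Python. The host name `wallet.example`, the sample certificate bytes and all function names are constructed for illustration, and the pinned fingerprint is assumed to have been obtained beforehand over a separate trusted path.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER certificate bytes. A real check hashes the
# bytes returned by the TLS handshake (see fetch_leaf_der).
SAMPLE_GENUINE_DER = b"constructed-DER-bytes-of-the-genuine-site-certificate"
SAMPLE_ROGUE_DER = b"constructed-DER-bytes-served-by-a-rogue-exit-node"


def fingerprint(der):
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp):
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex, as browsers display it."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return cleaned


def matches_pin(der, pinned):
    """True if the presented certificate hashes to one of the pinned values."""
    seen = fingerprint(der)
    return any(hmac.compare_digest(seen, normalize(p)) for p in pinned)


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Fetch the server's leaf certificate with normal validation left on.

    Assumption: a direct TCP connection. Routing through Tor would need a
    SOCKS-capable socket, which is outside this sketch.
    """
    ctx = ssl.create_default_context()            # CA chain + hostname checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3/TLS 1.0 fallback
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host, pinned, fetch=fetch_leaf_der):
    """Return 'ok' only if TLS validation passed AND the pin matches."""
    try:
        der = fetch(host)
    except ssl.SSLError:
        # The "this connection is untrusted" case: stop, do not click through.
        return "abort: TLS validation failed"
    except OSError:
        return "abort: connection failed"
    if not matches_pin(der, pinned):
        return "abort: fingerprint mismatch"
    return "ok"


if __name__ == "__main__":
    pin = fingerprint(SAMPLE_GENUINE_DER)
    for label, der in (("genuine", SAMPLE_GENUINE_DER), ("rogue", SAMPLE_ROGUE_DER)):
        print(label, check_host("wallet.example", [pin], fetch=lambda h, d=der: d))
```

The `fetch` parameter exists so the decision logic can be exercised offline; in real use `check_host` is called with only the host and the pinned values.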

Argwai96
October 17, 2014, 12:00:57 AM
 #76

Unfortunately OP, this is a common occurrence.  Malicious Tor exit nodes are redirecting requests to known bitcoin wallets and exchanges to their own malicious version and stealing coins.  Even in SSL connections.  Always verify the SSL certificate fingerprint and make sure it is correct when you are doing Bitcoin related things on Tor.
Even with SSL, Poodle has been shown to be able to perform a MITM attack against users. Checking the SSL certificate would not necessarily have stopped this attack.
pitiflin
October 18, 2014, 11:53:46 AM
 #77

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wiki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wiki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcoin.

IMO the OP is spreading FUD more likely than not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage.

The same thing happened to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There are people literally living from stealing BTC; you shouldn't underestimate these people.
Why would you use TOR to access coinbase? They already know your identity and your bank account details, therefore there is little reason to try to hide your identity to access coinbase.

It has been reported that POODLE has exploited an SSLv3 vulnerability so it is, in theory, possible that an attacker launched a zero day attack against the OP.

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentication and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that works well with TOR? Or
would you recommend that I generate new wallets from my cold wallet in Armory?

Fucking blockchain...


crazyjack
October 18, 2014, 11:56:33 AM
 #78

at the end all BTC will be lost and hacked until forgotten.... that is why there is no future in current system...
pitiflin
October 18, 2014, 11:59:34 AM
 #79

at the end all BTC will be lost and hacked until forgotten.... that is why there is no future in current system...

It looks like it... security is key. I've lost 4 BTC in total in different attacks, and I'm no newbie. People can't expect the average user to use Armory offline wallets and shit like that. (Which I do anyway) Something must be found quickly.


scarsbergholden
October 18, 2014, 12:04:06 PM
 #80

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).
I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wiki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wiki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcoin.

IMO the OP is spreading FUD more likely than not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage.

The same thing happened to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There are people literally living from stealing BTC; you shouldn't underestimate these people.
Why would you use TOR to access coinbase? They already know your identity and your bank account details, therefore there is little reason to try to hide your identity to access coinbase.

It has been reported that POODLE has exploited an SSLv3 vulnerability so it is, in theory, possible that an attacker launched a zero day attack against the OP.

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentication and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that works well with TOR? Or
would you recommend that I generate new wallets from my cold wallet in Armory?

Fucking blockchain...
When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser, as blockchain.info stores your private keys in encrypted format. When you log in you are essentially telling blockchain which encrypted file to send you, and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  
