Tor+Blockchain wallet hacked? 633 btc loss

[teukon]

HTTPS everywhere is suppose to resolve this issue, no?

Not necessarily.  A blockchain.info ruleset may not be available depending on the users setup.  For example, Tor Browser comes with HTTPS Everywhere by default but there's no blockchain.info entry at present (I do see good ol' blockexplorer.com ).  As a result, if I download and launch the latest version of Tor Browser (currently v4.0), and enter "blockchain.info" or "blockchain.info/wallet" in the URL bar I'll be given a plain, unencrypted, HTTP connection.

HTTPS Everywhere is, more accurately, HTTPS at a wide selection of sites.  Their slogan:

Encrypt the Web! Automatically use HTTPS security on many sites.

[1715267007]

1715267007

[1715267007]

1715267007

[1715267007]

1715267007

[pitiflin]

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).

I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people

Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...

When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?

[Gumbork]

633 btc is a lot!!! wish I had money for that much..

[hasherr]

once I using Tor Browser open BC.INFO, Warned the certificate error , the certificate is  ***. cloudflare.com, because BC.INFO use cloudflare CDN service, I also used cloudflare SSL service ,  so I didnt  care Certificate warning

(facepalm) . Its strange how someone can hoard such amount of btc and dont understand how serious ssl cert mismatch are.

[FattyMcButterpants]

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).

I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people

Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...

When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?

As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node

[pitiflin]

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).

I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people

Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...

When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?

As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node

Thank you very much, and how can I use Armory with TOR?

[FattyMcButterpants]

... Then there was an error message pop up, he closed it and refreshed the wallet page...

That probably was probably a key moment.

Exactly.  They were key logging him or had hijacked the computer and then transferred the money out.  It is doubtful it was a MITM attack while using TOR when the easier method is to just have owned his computer.  (Of course it is possible, just very unlikely).

I also agree. A man in the middle attack is really not feasible with TOR.

One theory as to what could have happened (besides spreading FUD) to the OP is that he went on a hidden wikki, looking for a .onion version of blockchain.info, clicked on a fake blockchian.info link (hidden wikki is littered with these kinds of phishing sites), entered his identifier and password, then the person behind the phishing .onion site was able to login to blockchain and steal the OP's bitcon.

IMO the OP is spreading FUD more likely then not. I don't see why the OP would be paranoid enough to use TOR when dealing with bitcoin but isn't paranoid enough to want to use cold storage

It happened the same thing to me using coinbase.com and I didn't use the hidden wiki to access coinbase. There is people literally living from stealing BTC you shouldn't underestimate these people

Why would you use TOR to access coinbase? They already know your identity and your bank account details therefore there is little reason to try to hide your identity to access coinbase

it has been reported that POODLE has exploited a SSLv3 vulnerability so it is, in theory possible that an attacker launched a zero day attack against the OP

I didn't give them any ID, just an email address.

By the way, someone stole from my blockchain with double authentification and a second password when sending funds... using it via TOR

I think blockchain is having an attack or something like that. Do you know any wallet that Works good with TOR? Or
would you recommend me generate new wallets from my cold wallet in Armory?

Fucking blockchain...

When you access your blockchain.info wallet (via TOR or otherwise) you are essentially downloading the private keys to your browser as blockchain.info stores your private keys in encrypted format. When you log in you essentially telling blockchain which encrypted file to send you and you will decrypt it. If someone were to modify the blockchain code via a MITM attack they could make it so the decryption key (aka your password) will be sent to them (along with your identifier) so they can decrypt your wallet file stored on blockchain.info.

To get around this potential vulnerability you could use a wallet that always has your private keys stored locally. A few examples would include QT, multibit and armory. The only time that TOR would be involved is when you use your client to push a TX to the network.  

Thanks for the explanation. I already have Armory with an offline wallet. Should I use a hot wallet (in Armory) for small amounts? Using a normal Internet connection (clearnet)?

As long as you control the private keys on your computer TOR will not have any way of stealing your bitcoin. If you value your anonymity then you should use TOR to broadcast a TX and to monitor the Bitcoin network for new TXs received to any address that you control.

The only real risk with using TOR with a wallet like Armory is that the exit node not allow you to broadcast the TX, however this can be resolved by "using a new identity" or waiting 10 minutes for TOR to automatically use a new exit node

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

[Velkro]

Sucks if true, these scams just make BTC less appealing to the casual internet user.

and this will not change soon... we need better software to handle BTC, always 2 factor authentication, everywhere, that hackers won't be able to defraud money without hacking cellphone too

[teukon]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

[pitiflin]

Sucks if true, these scams just make BTC less appealing to the casual internet user.

and this will not change soon... we need better software to handle BTC, always 2 factor authentication, everywhere, that hackers won't be able to defraud money without hacking cellphone too

I was using 2 factor authentication...

[pitiflin]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

[Envrin]

Why was he ever storing that much in an online wallet like blockchain.info to begin with?  If you have that much money, at least throw a BTC or two to someone technical who can guide you through how to best store it.

[mnmShadyBTC]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

As long as your keys are held on your computer and your computer is not compromised using TOR with armory should be fine. The reason that the OP was able to have bitcoin stolen from him was because the exit node was able to fake the blockchain.info website and intercept the encrypted traffic between the OP and blockchian.info

[teukon]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?

[BTCmoons]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?

I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.

[ruletheworld]

Thank you very much, and how can I use Armory with TOR?

You will need to have your TOR browser open whenever you are using Armory. You will need to set up Armory to use a proxy to connect, I am not 100% sure on this but I believe the IP address to set is 127.0.0.1 and the port is 9150.

Armory communicates with the network via Bitcoin Core so you'll want to set the proxy settings there.  This works pretty well; satoshi built Bitcoin Core's proxy support with Tor in mind back in 2009, see v0.2 changelog.

Yes, by default Tor Browser's socks listening port is 9150.  I believe Bitcoin Core's default proxy port is 9050 (Tor's default port) so you'll want to change this to 9150 if you're using Tor Browser to manage your circuits.

Cheers mate, and it's secure? I mean... after what's happened using blockchain + tor I'm quite scared to use TOR anymore...

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

For best results, you should have at least a basic idea of internet routing and how, Tor, and HTTPS interact.  This will help you guard yourself against other ways of losing bitcoins.

A worked example:  Suppose you want to send some bitcoins to me and I gave you an address in a bitcointalk.org post, say 5 mills (0.005 BTC) to 1J1ikF1fJVDzGKjwzZKnMfyHaguGkpbyug.  Can you be sure you're seeing my address?  Can you be sure the amount hasn't been tampered with?  Does anyone have the power to swap their own address in place of mine?  Does HTTPS make a difference?  Does using Tor Browser introduce risk?  Does changing identity and reloading the page to double-check help?

I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.

This. You don't have any control over the exit nodes that ultimately 'fetches' you the website.

[DonDev]

633 btc is a lot. But why were you using TOR?

[teukon]

To the best of my knowledge, there's no fundamental weakness in the use of Tor with Bitcoin Core (and, by extension, Armory).  Theoretically, thin-clients such as Electrum or MultiBit should be fine too, but I don't know enough about these particular examples to trust them myself over Tor without further research.

I would say a potential reason not to use a think client via tor is that you have the possibility to have a exit node fake a transaction to an address of yours. This would make you think that you have received payment when you in fact have not, this could result in you releasing goods when you should not have.

Yes, this is true.  Sorry, allow me to clarify.

Thin-clients via Tor should be fine for protecting payment privacy.  You would also need to run a verifying node of some description, not on Tor, to check the state of your addresses and be sure that attacks such as the one you described are ineffective.  I'm sure we'll see this setup more if Bitcoin's bandwidth requirement rises.

[LiteCoinGuy]

633 btc is a lot. But why were you using TOR?

and why 633 btc in one wallet...on your computer with a hot wallet....with old, crappy antivirus and no anti-maleware?
i guess you installed also bunch of "addons" and "mining-progs" on the pc... 

[wenben]

The consensus so far is the pc is compromised and not tor protocol and exit node?