Bitcoin Forum
November 07, 2024, 02:50:20 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: 12 BTC stolen 1 hour Ago.Session Hijacked?How is that possible?  (Read 2862 times)
meowmeo9 (OP)
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
October 14, 2014, 10:14:10 PM
 #1

How is that possible?
I use Tor over block chain and as i logged into my wallet a few hours later all my BTC's were hijacked.
I use for only to be secure and never thought it might be a problem.
Is there an explanation for this ? I never downloaded anything! so its impossible its a virus.
Any one has any ideas how it  can happen ?
I seen it happened to a few people already.
MegaHustlr
Hero Member
*****
Offline Offline

Activity: 601
Merit: 500


Vote 4fryn :)


View Profile
October 14, 2014, 10:19:49 PM
 #2

Biggest question:
Did you have 2FA?




                  ▄  ▀▄▄   ▀▄▄ ▀▄ ▀▄
             ▀█▄▄▄▄███▀▀▀▀▀▀▀█████████ ▄
         ▀████▀▀    ▄▄▄▄▄▄▄▄▄▄▄▄▄    ▀███▄
 ▄▄▄▄▄  ▄▄▀      ██▀▀     ▄██▀▀▀   █     ██
██    ▀█  ▄█▀▀▀▄  ▀█   ▄█▀   ▄▄▄ ▀██  █▀▀▄▀▄

▀▀▀   ▐█ █▌    ▐▌  █  ▐█ ▄█▀▀   █ █  ▄▀ ▄█ ▌
      ▐▌ ▀█ ▄▀▄█  █▀  █  █      ▐▌ █▀ █    ▀▄
      █     ▄█▀  ▀▀▀▀▄█  ▀█▄▄▀ ▄▀  █▄ █  ██ ▐▌
     █   ▄███▄▄███▄▄▄▄       ▄█▄▄▄▄ █▄    ▀  █ ▄
   ▄█▀▀▀▀     █▀      █   ▄█▀▀███    ▀▀▄▄   ▄██
  ▐█         ▐▌       ▐▌▄▀     ██        ▀███ ▐█
  █           ▀▄      ▐█▀       ▀█           ▀▀
  █▄           ██     ██         ██▄
   █▀            ▀     ▀          ▀█▀



.







                 ▄████▄▄    ▄
██             ████████████▀
████▄         █████████████▀
▀████████▄▄   █████████████
▄▄█████████████████████████
██████████████████████████
  ▀██████████████████████
   █████████████████████
    ▀█████████████████▀
      ▄█████████████▀
▄▄███████████████▀
   ▀▀▀▀▀▀▀▀▀▀▀




       ▄▄▄▄▄▄
    ▄████████
    █████▀▀▀▀
   ▐████
   ▐████
████████████
████████████
   ▐████
   ▐████
   ▐████
   ▐████




  ▄██▄▄                ▄▄██▄
  ████████▄▄▄▄▄▄▄▄▄▄▄███████
  ██████████████████████████
  ██████████████████████████
▄████████████████████████████▄
██████████████████████████████▌
█████▀                  ▀█████▌
████    ███▄      ▄███    ████▌
████   ▐████      ████▌   ████
 ███    ▀██▀      ▀██▀    ███▀
  ▀██▄                  ▄██▀
    ▀▀██████████████████▀▀




             ▄██▄
     ▄      ▐████   ▄▄
   █████     ██████████
    █████████████████▀
 ▄████████████▀████▌
██████████     ▀████    
 ▀▀   █████     ██████████
      ▀████▌▄████████████▀
    ▄▄▄███████████████▌
   ██████████▀    ▐████
    ▀▀▀  ████▌     ▀▀▀
         ▀███▀
virtualx
Hero Member
*****
Offline Offline

Activity: 672
Merit: 508


LOTEO


View Profile
October 14, 2014, 10:22:21 PM
 #3

I saw another thread about it. Perhaps it's related with tor or an exploit targeting tor.
Which OS are you on?

...loteo...
DIGITAL ERA LOTTERY


r

▄▄███████████▄▄
▄███████████████████▄
▄███████████████████████▄
▄██████████████████████████▄
▄██  ███████▌ ▐██████████████▄
▐██▌ ▐█▀  ▀█    ▐█▀   ▀██▀  ▀██▌
▐██  █▌ █▌ ██  ██▌ ██▌ █▌ █▌ ██▌
▐█▌ ▐█ ▐█ ▐█▌ ▐██  ▄▄▄██ ▐█ ▐██▌
▐█  ██▄  ▄██    █▄    ██▄  ▄███▌
▀████████████████████████████▀
▀██████████████████████████▀
▀███████████████████████▀
▀███████████████████▀
▀▀███████████▀▀
r

RPLAY NOWR
BE A MOON VISITOR!
[/center]
MGGB
Full Member
***
Offline Offline

Activity: 236
Merit: 100


View Profile
October 14, 2014, 10:29:02 PM
 #4

I also just read somewhere that Tor and Non-Darkweb sites like block-Chain don't work well together, because of security issues, and it did explain why, I can't remember, I will see if I can find the post.

Also sorry for your loss, that's a bummer Sad
miohtama
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile WWW
October 14, 2014, 10:30:17 PM
 #5

How is that possible?
I use Tor over block chain and as i logged into my wallet a few hours later all my BTC's were hijacked.
I use for only to be secure and never thought it might be a problem.
Is there an explanation for this ? I never downloaded anything! so its impossible its a virus.
Any one has any ideas how it  can happen ?
I seen it happened to a few people already.

There are malicious Tor exit nodes targeting Bitcoin services. They will do man-in-the-middle HTTPS attack against your Bitcoin website. This is only successful if you accept the invalid security certificates of the website. The web browser gives a big red warning "DON'T GO TO THIS SITE THE CERTIFICATE DOESN'T MATCH". If the user clicks yes and then the secure connection is compromised and the Tor exit node can steal your Bitcoins.

You can read more about the attacks against the Tor users here.

Thus, Tor should not be recommended for the users who are not technically-sawy enough to avoid risks like this.

Other potential risks and compromises and how to protect yourself against them
Meuh6879
Legendary
*
Offline Offline

Activity: 1512
Merit: 1012



View Profile
October 14, 2014, 11:05:05 PM
 #6

Quote
i logged into my wallet a few hours later

 

Don't use fucking online wallet !
kokojie
Legendary
*
Offline Offline

Activity: 1806
Merit: 1003



View Profile
October 14, 2014, 11:05:07 PM
 #7

Your TOR session was attacked by malicious exit nodes using "Man in the middle" attack. Always make sure you are using HTTPS with valid certificate, or just don't use TOR for something financial related, use a private VPN/SSH tunnel for this.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
el kaka22
Legendary
*
Offline Offline

Activity: 3696
Merit: 1166


www.Crypto.Games: Multiple coins, multiple games


View Profile
October 15, 2014, 03:12:39 AM
 #8

Quote
i logged into my wallet a few hours later

 

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that

█████████████████████████
███████▄▄▀▀███▀▀▄▄███████
████████▄███▄████████
█████▄▄█▀▀███▀▀█▄▄█████
████▀▀██▀██████▀██▀▀████
████▄█████████████▄████
███████▀███████▀███████
████▀█████████████▀████
████▄▄██▄████▄██▄▄████
█████▀▀███▀▄████▀▀█████
████████▀███▀████████
███████▀▀▄▄███▄▄▀▀███████
█████████████████████████
.
 CRYPTOGAMES 
.
 Catch the winning spirit! 
█▄░▀███▌░▄
███▄░▀█░▐██▄
▀▀▀▀▀░░░▀▀▀▀▀
████▌░▐█████▀
████░░█████
███▌░▐███▀
███░░███
██▌░▐█▀
PROGRESSIVE
      JACKPOT      
██░░▄▄
▀▀░░████▄
▄▄▄▄██▀░░▄▄
░░░▀▀█░░▀██▄
███▄░░▀▄░█▀▀
█████░░█░░▄▄█
█████░░██████
█████░░█░░▀▀█
LOW HOUSE
         EDGE         
██▄
███░░░░░░░▄▄
█▀░░░░░░░████
█▄░░░░░░░░█▀
██▄░░░░░░▄█
███▄▄░░▄██▌
██████████
█████████▌
PREMIUM VIP
 MEMBERSHIP 
DICE   ROULETTE   BLACKJACK   KENO   MINESWEEPER   VIDEO POKER   PLINKO   SLOT   LOTTERY
H.W.Z
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
October 15, 2014, 03:31:30 AM
 #9

Quote
i logged into my wallet a few hours later

 

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that
go here https://bitcoin.org/en
The official Bitcon website! You can learn a lot of basic knowledge from there and download the wallet.

hodap
Full Member
***
Offline Offline

Activity: 306
Merit: 102


View Profile
October 15, 2014, 03:32:28 AM
 #10

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?
Pente
Hero Member
*****
Offline Offline

Activity: 528
Merit: 527



View Profile WWW
October 15, 2014, 03:40:12 AM
 #11

I wish to thank all the people who have taught me that TOR and online wallets don't mix.

As for 2FA, I did that on my own.
niothor
Hero Member
*****
Offline Offline

Activity: 826
Merit: 501


in defi we trust


View Profile
October 15, 2014, 03:44:33 AM
 #12

When you connect to tor you connect to hundreds or thousands of different computers....Hence why your coins were snatched up so quickly.
Tor and any place that requires authentication is a bad idea.


             ▄          ▄▄▄▄    ▄
            ███      ▄██████▀  ▀█▀
            ███     ▄██▀
            ███     ███        ▄█▄   ▄█▄ ▄█████▄▄         ▄▄██████▄      ▄█▄ ▄█████▄▄         ▄▄█████▄▄        ▄▄█████▄▄
    ▄▄▄▄▄▄  ███     ███        ███   ██████▀▀▀▀███▄     ▄███▀▀▀▀▀███▄    ██████▀▀▀▀███▄     ▄███▀▀▀▀▀███▄    ▄███▀▀▀▀▀███▄
  ▄████████▄███  ▄█████████▄   ███   ████▀      ▀███   ▄██▀       ▀██▄   ████▀      ▀███   ▄██▀       ▀█▀   ▄██▀       ▀██▄
▄███▀    ▀█████   ▀▀███▀▀▀▀    ███   ███         ███   ███         ███   ███         ███   ███              ███████████████
███   ▄▄   ▀███     ███        ███   ███         ███   ███         ███   ███         ███   ███              ███▀▀▀▀▀▀▀▀▀▀▀
███   ▀▀   ▄███     ███        ███   ███         ███   ███         ███   ███         ███   ███         ▄    ███         ▄
▀███▄    ▄█████     ███        ███   ███         ███    ███▄▄   ▄▄████   ███         ███    ███▄▄    ▄███    ███▄▄   ▄▄███
  ▀████████▀███     ███        ███   ███         ███     ▀████████▀███   ███         ███     ▀█████████▀      ▀█████████▀
    ▀▀▀▀▀▀   ▀       ▀          ▀     ▀           ▀         ▀▀▀▀▀   ▀     ▀           ▀         ▀▀▀▀▀            ▀▀▀▀▀

       ▄▄▄▄▄▄▄
   ▄▄▀▀       ▀▀▄▄
  █               █ ▄
 █   █▀▄ ▀█▀ ▀█▀   █ ▀▄
 █   █▀▄  █   █    █  ▀▄
  █  ▀▀   ▀   ▀   █    █
▄▀ ▄▄           ▄▀    ▄▀
 ▀▀  ▀▀▄▄▄▄▄▄▄▀▀      ▀▄
        ▀▄▄      ▄▄▀▀▄▄▀
           ▀▀▀▀▀▀

                      ▄▄▄
  ▄█▄              ▄███████▄
  ▀████▄▄         ██████▀██████▀
    ▀▀▀████▄▄     ███████████▀
    ▀██▄███████▄▄███████████
     ▄▄▄▀██████████████████
      ▀████████████████████
▀█▄▄     ▀████████████████
  ▀████████████████▀█████
    ▀████████████▀▄▄███▀
       ▀▀██████████▀▀
           ▀▀▀▀▀

               ▄▄   ▄▄
              ▄▀ ▀▀█  █
             ▄▀     ▀▀
         ▄▄▄▄█▄
     ▄█▀▀▀▀▀▀▀▀▀▀█▄
 ▄▀▄▀              ▀▄▀▄
█  █   ▄█▄    ▄█▄   █  █
 ▀█    ▀█▀    ▀█▀    █▀
  █                  █
   █   ▀▄      ▄▀   █
    ▀▄   ▀▀▀▀▀▀   ▄▀
      ▀▀▄▄▄▄▄▄▄▄▀▀
New Age of DEFI
A Non-Code Platform for
Decentralized Trading Instruments

   ▄▄███████████████▄▄
 ▄█████████████████████▄
▄██████████████▀▀███████▄
████████████▀▀    ███████
█████████▀▀   ▄   ███████
██████▀▀     █    ███████
████▀       █     ███████
█████▄▄   ▄█      ███████
████████ ██▄      ███████
▀████████ ▀▄███▄▄███████▀
 ▀█████████████████████▀
   ▀▀███████████████▀▀

     ▄              ▄
   ▄███▄          ▄███▄
   █████▄  ▄▄▄▄  ▄█████
  ▄████████████████████▄
 ▄██████████████████████▄
 ████████████████████████
██████▀▀          ▀▀██████
█████▀   ▄      ▄   ▀█████
 ████   ███    ███   ████
  ████   ▀      ▀   ████
   ▀████▄▄▄▄▄▄▄▄▄▄████▀
     ▀▀████████████▀▀

   ▄▄████████████████▄▄
 ▄█████▀▀▀██████▀▀▀█████▄
▄████▀  ▀▀▀    ▀▀▀  ▀████▄
████▀                ▀████
███▀                  ▀███
███       ▄    ▄       ███
██▀      ███  ███      ▀██
██       ▀█▀  ▀█▀       ██
██▄     ▄        ▄     ▄██
▀██▄     ▀▀▄▄▄▄▀▀     ███▀
 ▀███▄▄▄▄▄▄████▄▄▄▄▄▄███▀
   ▀▀████████████████▀▀
el kaka22
Legendary
*
Offline Offline

Activity: 3696
Merit: 1166


www.Crypto.Games: Multiple coins, multiple games


View Profile
October 15, 2014, 03:45:26 AM
 #13

Quote
i logged into my wallet a few hours later

 

Don't use fucking online wallet !

so where i can get offline wallet ? im new about bitcoin
can you shared the link
i want use that
go here https://bitcoin.org/en
The official Bitcon website! You can learn a lot of basic knowledge from there and download the wallet.
ok ,, will check it
thank yaa

█████████████████████████
███████▄▄▀▀███▀▀▄▄███████
████████▄███▄████████
█████▄▄█▀▀███▀▀█▄▄█████
████▀▀██▀██████▀██▀▀████
████▄█████████████▄████
███████▀███████▀███████
████▀█████████████▀████
████▄▄██▄████▄██▄▄████
█████▀▀███▀▄████▀▀█████
████████▀███▀████████
███████▀▀▄▄███▄▄▀▀███████
█████████████████████████
.
 CRYPTOGAMES 
.
 Catch the winning spirit! 
█▄░▀███▌░▄
███▄░▀█░▐██▄
▀▀▀▀▀░░░▀▀▀▀▀
████▌░▐█████▀
████░░█████
███▌░▐███▀
███░░███
██▌░▐█▀
PROGRESSIVE
      JACKPOT      
██░░▄▄
▀▀░░████▄
▄▄▄▄██▀░░▄▄
░░░▀▀█░░▀██▄
███▄░░▀▄░█▀▀
█████░░█░░▄▄█
█████░░██████
█████░░█░░▀▀█
LOW HOUSE
         EDGE         
██▄
███░░░░░░░▄▄
█▀░░░░░░░████
█▄░░░░░░░░█▀
██▄░░░░░░▄█
███▄▄░░▄██▌
██████████
█████████▌
PREMIUM VIP
 MEMBERSHIP 
DICE   ROULETTE   BLACKJACK   KENO   MINESWEEPER   VIDEO POKER   PLINKO   SLOT   LOTTERY
KIRAZ
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


View Profile
October 15, 2014, 03:47:57 AM
 #14

Why was you using Tor with blockchain i don't even check my email accounts over tor.
I'm sure that your session got hijacked because of those tor proxies.
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
October 15, 2014, 07:08:40 AM
 #15

There are malicious Tor exit nodes targeting Bitcoin services. They will do man-in-the-middle HTTPS attack against your Bitcoin website. This is only successful if you accept the invalid security certificates of the website.

Hopefully the exit nodes doing this would eventually be awarded the BadExit flag so they are no longer chosen as exits. Unfortunately this isn't automatic (yet?) so we'll have to live with this problem.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
October 15, 2014, 09:01:55 AM
Last edit: October 15, 2014, 09:24:31 AM by shorena
 #16

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

Yes [1] and Tor is aware of it [2].

tl;dr:

Quote
Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.


[1] dont worry its in english even though its a german domain http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
[2] https://blog.torproject.org/blog/being-targeted-nsa


Edit: that FBI operation "torpedo" link I didnt find earlier: www.wired.com/2014/08/operation_torpedo/

Im not really here, its just your imagination.
zetaray
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


View Profile
October 15, 2014, 10:20:14 AM
 #17

Tor is designed for anonymous browsing, not anonymous banking. You are asking for trouble if you use tor to manage your finances.

.CryptoTotal.com.
                              l█████████▇▀
                              ████████▇▀
                              ███████▇▀
                              ██████▇▀
                              █████▇▀
                              ████▇▀
                              ███▇▀
                              ██▇▀
                              █▇▀
                              ▇▀
▇▇
▇▇

Express.Crypto.Checkout
Accepts Multiple Cryptos
Worldwide Shipping
dothebeats
Legendary
*
Offline Offline

Activity: 3766
Merit: 1354


View Profile
October 15, 2014, 01:40:25 PM
 #18

Didn't know exit node can comprise a user identity.

Is this exploit being used by government also?

Yes [1] and Tor is aware of it [2].

tl;dr:

Quote
Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.


[1] dont worry its in english even though its a german domain http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
[2] https://blog.torproject.org/blog/being-targeted-nsa


Edit: that FBI operation "torpedo" link I didnt find earlier: www.wired.com/2014/08/operation_torpedo/

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

Sorry i don't understand much about the Tor's concept. Thanks for the information about the mismatch of Tor and the blockchain. Never knew that using the Tor network may steal my coins.

█████████████████████████████████
████████▀▀█▀▀█▀▀█▀▀▀▀▀▀▀▀████████
████████▄▄█▄▄█▄▄██████████▀██████
█████░░█░░█░░█░░████████████▀████
██▀▀█▀▀█▀▀█▀▀█▀▀██████████████▀██
██▄▄█▄▄█▄▄█▄▄█▄▄█▄▄▄▄▄▄██████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀███████████████████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██▀▀█▀▀█▀▀██████████▄▄▄██████████
██▄▄█▄▄█▄▄███████████████████████
██░░█░░█░░███████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
 Crypto Marketing Agency
By AB de Royse

████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
██████████████████████████████████████████████████████████████████████████████████████████████████
WIN $50 FREE RAFFLE
Community Giveaway

██████████████████████████████████████████████████████████████████████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
████████████████████████
██
██████████████████████
██████████████████▀▀████
██████████████▀▀░░░░████
██████████▀▀░░░▄▀░░▐████
██████▀▀░░░░▄█▀░░░░█████
████▄▄░░░▄██▀░░░░░▐█████
████████░█▀░░░░░░░██████
████████▌▐░░▄░░░░▐██████
█████████░▄███▄░░███████
████████████████████████
████████████████████████
████████████████████████
yakuza699
Hero Member
*****
Offline Offline

Activity: 935
Merit: 1002


View Profile
October 15, 2014, 01:55:27 PM
 #19

This thread probably explained how my coins were stolen from blockchain.info as I didn't installed anything on my previous PC but was using TOR. Sorry for you loss I had my coins stolen too but they stole only 0.3 from me I hope you will re-earn them fast.

▄▄▄▄▄▄▄▄
▄▄▄▄▄▄
▄▄▄▄
BTC BitDice.me 
.
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
October 15, 2014, 02:07:02 PM
 #20

Really noob question: If Tor users are aware that the Tor network is always under surveillance by the government, how come most of the dark activities concealed by this not-so-hidden-network at all?

There's a difference between using tor to access the regular internet and using tor to access hidden services. Those are more difficult to wiretap.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!