Bitcoin Forum
May 28, 2018, 10:34:43 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Attempted MITM on BitPay over Tor  (Read 1104 times)
keystroke
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1004


advocate of a cryptographic attack on the globe


View Profile
November 09, 2014, 03:38:58 AM
 #1

Some links to BitPay are hijacked by evil exit nodes. Their SSL certificate isn't for BitPay but seems generated on the fly. The new page then tries to get you to pay to one of their BTC addresses. Anyone else see this? Nice attack vector.

"The difference between a castle and a prison is only a question of who holds the keys."
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1527503683
Hero Member
*
Offline Offline

Posts: 1527503683

View Profile Personal Message (Offline)

Ignore
1527503683
Reply with quote  #2

1527503683
Report to moderator
QuantumQrack
Sr. Member
****
Offline Offline

Activity: 339
Merit: 250


View Profile
November 09, 2014, 03:59:05 AM
 #2

Sounds to me like Tor is fucking useless.
lyth0s
Legendary
*
Offline Offline

Activity: 1260
Merit: 1000


World Class Cryptonaire


View Profile
November 09, 2014, 03:59:09 AM
 #3

Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?

Monero - Truly Anonymous Digital Cash. Bitcoin Reading List 2017
Divinespark
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
November 09, 2014, 05:23:52 AM
 #4

Tor is a complete waste of time. trading in suboptimal anonymity for guaranteed insecurity.

❘|❘ ICONOMI  Fund Management Platform
  LINK TO ICO | LINK TO DISCUSSION
deluxeCITY
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500



View Profile
November 09, 2014, 06:26:24 AM
 #5

Sounds to me like Tor is fucking useless.
As of recently tor has become much less secure when connecting to non-tor sites via tor.

The TOR project has not been able to determine exactly how law enforcement was able to find the identities/locations of the onion sites, however it is most likely (IMO) that they used some kind of timing attack
keystroke
Hero Member
*****
Offline Offline

Activity: 854
Merit: 1004


advocate of a cryptographic attack on the globe


View Profile
November 09, 2014, 06:27:26 AM
 #6

The page was designed as a BitPay page. So at least in this case they didn't replace random bitcoin addresses.

"The difference between a castle and a prison is only a question of who holds the keys."
buybtc
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 09, 2014, 06:29:05 AM
 #7

Report the bad exit nodes to the tor project, they will blacklist their IPs
hilariousandco
Lamborghini Member
Global Moderator
Legendary
*
Online Online

Activity: 1666
Merit: 1211


Bitcoib is my succesfull


View Profile
November 09, 2014, 06:32:27 AM
 #8

Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?

Users have reported thefts from their blockchain.info accounts as well.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!