Bitcoin Forum
December 14, 2017, 07:47:22 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Attempted MITM on BitPay over Tor  (Read 1104 times)
keystroke
Hero Member
*****
Offline Offline

Activity: 842


advocate of a cryptographic attack on the globe


View Profile
November 09, 2014, 03:38:58 AM
 #1

Some links to BitPay are hijacked by evil exit nodes. Their SSL certificate isn't for BitPay but seems generated on the fly. The new page then tries to get you to pay to one of their BTC addresses. Anyone else see this? Nice attack vector.

"The difference between a castle and a prison is only a question of who holds the keys."
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
1513280842
Hero Member
*
Offline Offline

Posts: 1513280842

View Profile Personal Message (Offline)

Ignore
1513280842
Reply with quote  #2

1513280842
Report to moderator
QuantumQrack
Sr. Member
****
Offline Offline

Activity: 339


View Profile
November 09, 2014, 03:59:05 AM
 #2

Sounds to me like Tor is fucking useless.
lyth0s
Legendary
*
Offline Offline

Activity: 1246


World Class Cryptonaire


View Profile
November 09, 2014, 03:59:09 AM
 #3

Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?

Monero - Truly Anonymous Digital Cash. Bitcoin Reading List 2017
Divinespark
Hero Member
*****
Offline Offline

Activity: 616


View Profile
November 09, 2014, 05:23:52 AM
 #4

Tor is a complete waste of time. trading in suboptimal anonymity for guaranteed insecurity.

❘|❘ ICONOMI  Fund Management Platform
  LINK TO ICO | LINK TO DISCUSSION
deluxeCITY
Hero Member
*****
Offline Offline

Activity: 532



View Profile
November 09, 2014, 06:26:24 AM
 #5

Sounds to me like Tor is fucking useless.
As of recently tor has become much less secure when connecting to non-tor sites via tor.

The TOR project has not been able to determine exactly how law enforcement was able to find the identities/locations of the onion sites, however it is most likely (IMO) that they used some kind of timing attack
keystroke
Hero Member
*****
Offline Offline

Activity: 842


advocate of a cryptographic attack on the globe


View Profile
November 09, 2014, 06:27:26 AM
 #6

The page was designed as a BitPay page. So at least in this case they didn't replace random bitcoin addresses.

"The difference between a castle and a prison is only a question of who holds the keys."
buybtc
Member
**
Offline Offline

Activity: 98


View Profile
November 09, 2014, 06:29:05 AM
 #7

Report the bad exit nodes to the tor project, they will blacklist their IPs
hilariousandco
Gold Member
Global Moderator
Legendary
*
Offline Offline

Activity: 1498


How does one bitcoin?


View Profile WWW
November 09, 2014, 06:32:27 AM
 #8

Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?

Users have reported thefts from their blockchain.info accounts as well.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!