[ARTICLE] Malicious Tor Network Servers Are Targeting Users’ Cryptocurrencies

  • An unknown hacker has been adding thousands of malicious servers to the Tor Network since early 2020.
  • Acting as “exit relays,” the nodes are pinpointing and modifying users’ data to steal their cryptocurrencies, a new report suggested.

The Tor Project explained that these servers stopped websites from redirecting visitors to more secure HTTPS versions of their platforms. If users didn’t notice, and continued to send or receive sensitive information, it could have been intercepted by the attacker.

It is believed that the hacker is using their servers to switch crypto addresses in transaction requests made by users and redirect their cryptocurrencies to their own wallets.

11 Likes

Thank you @Mike_Wagner for sharing this information with the community…question I ask is how should users take note of this information and make use of it for their own protection… :sunglasses:

From the information put forth in the article, the attacker is performing a narrowly scoped MITM attack on web traffic exiting Tor heading to crypto exchanges. The attacker manipulates the web traffic, forcing users to use unencrypted HTTP connections with these exchanges, even if the request started as HTTPS. Because HTTP traffic is unencrypted, the attacker can mine the exiting traffic for login credentials.

Furthermore, the article states the attacker may also be manipulating downloads over Tor in some way.

The short version is to check, double-check and triple-check that any login page you visit when using Tor has the lock icon in the URL field, indicating an encrypted HTTPS session. Do not log in to any website if the lock icon is missing and/or unlocked, indicating an unencrypted non-HTTPS session.

8 Likes

Hey @Mike_Wagner…now this was a heck of a response:

The short version is to check, double-check and triple-check that any login page you visit when using Tor has the lock icon in the URL field, indicating an encrypted HTTPS session. Do not log in to any website if the lock icon is missing and/or unlocked, indicating an unencrypted non-HTTPS session.

Thank you for the aforementioned technical answer, but putting it into simple layman's terms was excellent, and I think it will help many regular users understand the point of the article…thank you bro… :sunglasses: :100: :+1:

1 Like

Here’s a question regarding what you just posted. Sometimes I use my phone to access my exchange; my process goes like this: I fire up the Orbot app on my phone, which has a built-in VPN. I then open my Binance.com app (I live in the US). It is not done through a browser, therefore I do not have a lock icon in a URL bar. Is there a way to know if I am using an HTTPS connection through this method, or am I playing with fire?

I would expect the official Binance.com app uses HTTPS. Neither the decrypt.co article nor the medium.com source lists the targeted exchanges, but they are likely to be smaller and/or newer exchanges.

Large exchanges like Binance, Kucoin, Coinbase, Kraken would undoubtedly have the proper redirects and HSTS mitigations as part of their security posture long before this attack.

3 Likes
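As an added example (not part of this thread or of the articles it cites), the following Python script models the two points made above: what the downgrading exit relay does to a plain-HTTP request that should have been redirected to HTTPS, and what the HSTS header a properly configured exchange sends actually contains. The host `exchange.example`, the `Response` class and every response below are constructed samples, not captured traffic; the `malicious_exit` function is a simplified model of the behaviour the article describes, not the attacker's code.

```python
# Added example, not from the thread. Models a downgrading Tor exit relay
# and the client-side checks that distinguish a healthy HTTP->HTTPS redirect
# (plus HSTS) from a downgraded response. Everything here is constructed.
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)  # header names lower-cased
    body: str = ""


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).
    Returns None when max-age is missing or not an integer (an invalid policy)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


def malicious_exit(resp):
    """Model of the downgrading exit relay (assumption, simplified): rewrite an
    https:// Location to http:// and drop HSTS so the browser never learns the
    site should only be reached over TLS."""
    out = Response(resp.status, dict(resp.headers), resp.body)
    loc = out.headers.get("location", "")
    if loc.startswith("https://"):
        out.headers["location"] = "http://" + loc[len("https://"):]
    out.headers.pop("strict-transport-security", None)
    return out


def classify(requested_url, resp):
    """Classify what came back for a plain-http request.
      'redirect-https' : 3xx to https:// on the same host (healthy)
      'redirect-other' : 3xx to plain http or to a different host (downgrade/lookalike)
      'plain-http'     : content served unencrypted; never submit credentials here
      'other'          : anything else
    """
    host = urlsplit(requested_url).hostname
    if 300 <= resp.status < 400:
        loc = urlsplit(resp.headers.get("location", ""))
        if loc.scheme == "https" and loc.hostname == host:
            return "redirect-https"
        return "redirect-other"
    if resp.status == 200:
        return "plain-http"
    return "other"


def hsts_present(resp, min_age=15552000):
    """True if the (HTTPS) response carries an HSTS policy of at least min_age
    seconds; 180 days is the common minimum for preload eligibility."""
    parsed = parse_hsts(resp.headers.get("strict-transport-security", ""))
    return parsed is not None and parsed[0] >= min_age


# Constructed sample: what an honest exit relays for http://exchange.example/login
HONEST = Response(301, {"location": "https://exchange.example/login"})
# Constructed sample: the HTTPS login page itself, with an HSTS policy
HTTPS_LOGIN = Response(200, {"strict-transport-security": "max-age=31536000; includeSubDomains"},
                       '<form method="post"><input name="password"></form>')

if __name__ == "__main__":
    url = "http://exchange.example/login"
    print("honest exit    :", classify(url, HONEST))
    print("malicious exit :", classify(url, malicious_exit(HONEST)))
    print("HSTS on https  :", hsts_present(HTTPS_LOGIN))
    print("HSTS stripped  :", hsts_present(malicious_exit(HTTPS_LOGIN)))
```

The point the model makes explicit: the browser only honours HSTS once it has seen the header over HTTPS (or has the site in its preload list), so the very first plain-http request to an exchange is exactly the one the exit relay can rewrite; that is why the advice above to look for the lock icon before logging in matters even when the site itself is configured correctly.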

That’s very encouraging. Thank you.

Also, just a word of encouragement for you, because everyone needs some from time to time:

I have read several of your posts and feedback that you give here on the forum. You have been very helpful to me, and given a lot of good information. I see you as a good, helpful asset to the community. Thank you for your dedication!

6 Likes

Agreed. @Mike_Wagner is basically the new support that can’t be fired. :grin:

3 Likes

Mike is Da Man!!!..nuff said!!!..thank you @Mike_Wagner :sunglasses: :100: :+1:

1 Like

Thanks for the kind words. I just help out where and how I can.

3 Likes