For some time now, I've been getting reports from customers that Bitcoin mixers are stealing their coins. I now have a pretty good guess what's happening:
It's common for Bitcoiners to use Tor to anonymize their activity. Unfortunately, this carries a major risk.
For several years now, an unknown attacker has been running malicious Tor exit relays to steal users' Bitcoin: https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
Here is how the attack works:
- The attacker runs a large number of Tor exit relays. At its peak the group described in the linked report controlled roughly a quarter of the network's exit capacity, so a sizeable share of all circuits left the Tor network through an exit it operated.
- The exit watches for plaintext HTTP requests to crypto sites, Bitcoin mixers in particular. Nearly all such sites are served over HTTPS, but users rarely type https:// in front of the address; they type the domain name and rely on the site redirecting them from HTTP to HTTPS. The malicious exit intercepts that first plaintext request, talks HTTPS to the real site itself, and hands the page back to the user over plain HTTP with the redirect (and any HSTS header) removed, so the browser never upgrades. This is classic SSL stripping.
- Because the session between the user and the exit stays in plaintext, the exit can rewrite the page on the fly and replace the site's Bitcoin deposit addresses with its own.
- The victim's deposit goes to the attacker, and the victim blames the coin mixer.
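The following is an added example modelling the attack above; it is not code from the original post or from the reported relays. The mixer hostname, page body, the attacker's address and the in-memory "origin" are all constructed. It shows the three steps a stripping exit performs on a plaintext request (follow the redirect itself, drop HSTS, downgrade links and swap addresses), and then compares what a toy browser ends up paying to with and without the host in its HSTS preload list.

```python
import re

# Legacy (1.../3...) base58 addresses and bech32 (bc1...) addresses.
BTC_ADDR_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)

REAL_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"      # BIP173 example address
ATTACKER_ADDR = "bc1qattackerqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"  # constructed, not checksum-valid

REDIRECTS = {301, 302, 307, 308}

# Constructed origin: what the honest mixer site answers for each URL.
# Like most sites it answers plain HTTP with a redirect and sets HSTS over HTTPS.
ORIGIN = {
    "http://mixer.example/deposit": (
        301, {"Location": "https://mixer.example/deposit"}, ""),
    "https://mixer.example/deposit": (
        200,
        {"Content-Type": "text/html",
         "Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
        f'Send exactly 0.1 BTC to <code>{REAL_ADDR}</code>. '
        f'Problems? <a href="https://mixer.example/support">support</a>'),
}


def origin_fetch(url):
    """Fetch straight from the origin (over TLS when the URL is https://)."""
    return ORIGIN[url]


def strip_proxy(client_url, attacker_addr=ATTACKER_ADDR, fetch=origin_fetch):
    """What a malicious exit does with a PLAINTEXT request it can read.

    The exit talks HTTPS to the real site itself and hands the result back to
    the client over HTTP, so the client never sees a redirect or a certificate.
    """
    status, headers, body = fetch(client_url)
    # 1. Follow the HTTP->HTTPS redirect on the client's behalf instead of relaying it.
    while status in REDIRECTS and headers.get("Location", "").startswith("https://"):
        status, headers, body = fetch(headers["Location"])
    # 2. Drop HSTS so the browser never learns that this host demands TLS.
    headers = {k: v for k, v in headers.items()
               if k.lower() != "strict-transport-security"}
    # 3. Downgrade every link so later navigation stays on plain HTTP.
    body = body.replace("https://", "http://")
    # 4. The payload: swap every deposit address for the attacker's.
    body = BTC_ADDR_RE.sub(attacker_addr, body)
    return status, headers, body


def browser_navigate(typed, preloaded, malicious_exit=True):
    """Toy browser over Tor. `typed` is what the user typed, without a scheme.

    `preloaded` is the set of hosts in the browser's HSTS preload list.
    Returns the final URL and the page the user ends up looking at.
    """
    host = typed.split("/", 1)[0]
    # A preloaded host is upgraded to https:// before any packet leaves the box.
    url = ("https://" if host in preloaded else "http://") + typed
    while True:
        if url.startswith("https://") or not malicious_exit:
            status, headers, body = origin_fetch(url)  # TLS: the exit only sees ciphertext
        else:
            status, headers, body = strip_proxy(url)   # plaintext: the exit can rewrite it
        if status in REDIRECTS and "Location" in headers:
            url = headers["Location"]                 # honest path: browser follows to https
            continue
        return url, body


if __name__ == "__main__":
    cases = [("malicious exit, no preload", dict(preloaded=set())),
             ("malicious exit, preloaded", dict(preloaded={"mixer.example"})),
             ("honest exit, no preload", dict(preloaded=set(), malicious_exit=False))]
    for label, kwargs in cases:
        url, body = browser_navigate("mixer.example/deposit", **kwargs)
        print(f"{label:28s} {url}  pays -> {BTC_ADDR_RE.findall(body)}")
```

The only case in which the user pays the attacker is the first one: the browser sent plain HTTP, the exit answered it, and the final URL is still http://. With the host preloaded the plaintext request is never sent, so the exit has nothing to rewrite, which is why the preload list (and not just a redirect on the server) is the fix for first visits.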
Solutions:
- Website operators should enable HSTS and submit their domain to the HSTS preload list (https://hstspreload.org/). Plain HSTS only protects visitors after their first successful HTTPS visit; preloading ships the policy inside the browser, so even the very first request is sent over HTTPS and a stripping exit never sees plaintext. Most crypto websites do NOT currently do this.
- Users should install HTTPS Everywhere: https://www.eff.org/https-everywhere (the EFF has since retired the extension; current browsers have an equivalent built-in HTTPS-Only mode, which Tor Browser now enables by default, and it should be kept on).
- Users should check that the connection is https:// before copying a deposit address or sending coins. Browsers are getting better at warning about plain HTTP connections.
- Don't use Tor for crypto. Use a VPN instead. You can pay for many VPNs with Bitcoin. Of course, you must trust that the VPN is non-malicious too, since a VPN endpoint can strip TLS in exactly the same way. If you do use Tor, prefer the service's .onion address where one is offered: an onion connection is encrypted end to end inside the Tor network and never passes through an exit relay, so there is nothing for a malicious exit to intercept.
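As an added example for the HSTS preloading recommendation (not code from the original post or from hstspreload.org), the following checks whether a site's Strict-Transport-Security header meets the header requirements of the preload list: a max-age of at least one year (31536000 seconds), includeSubDomains, and the preload directive. The response headers below are constructed samples; on a real site you would feed it the headers from an HTTPS response to the bare domain.

```python
ONE_YEAR = 31536000  # minimum max-age the preload list accepts, in seconds


def parse_hsts(value):
    """Parse 'max-age=...; includeSubDomains; preload' into a dict (names lower-cased)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def preload_problems(headers):
    """Return the list of reasons the header would be rejected for preloading.

    An empty list means the header itself is acceptable. The preload list also
    requires a valid certificate, an HTTP->HTTPS redirect on the same host and
    HTTPS on every subdomain; those are not visible in a single response and
    are not checked here.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header"]
    d = parse_hsts(value)
    problems = []
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        max_age = -1
        problems.append("max-age missing or not an integer")
    if 0 <= max_age < ONE_YEAR:
        problems.append(f"max-age {max_age} < {ONE_YEAR}")
    if "includesubdomains" not in d:
        problems.append("missing includeSubDomains")
    if "preload" not in d:
        problems.append("missing preload")
    return problems


# Constructed sample responses, from "does nothing" to "preload-ready".
SAMPLES = {
    "no HSTS at all": {"Content-Type": "text/html"},
    "short-lived HSTS": {"Strict-Transport-Security": "max-age=300"},
    "HSTS, not preloadable": {"Strict-Transport-Security": "max-age=31536000"},
    "preload-ready": {"Strict-Transport-Security":
                      "max-age=63072000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:24s} {preload_problems(hdrs) or 'OK'}")
```

The header that passes corresponds to an nginx line of `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;` in the HTTPS server block. Because includeSubDomains plus preloading is very hard to undo once browsers ship it, roll out plain HSTS with a short max-age first, confirm every subdomain really serves HTTPS, and only then raise max-age and submit the domain.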