Multiple blockchain.info wallets hacked, .onion mirror URL set up for Tor users

Sunday, 30/11/2014 | 08:28 GMT by Leon Pick
Multiple blockchain.info wallets hacked, .onion mirror URL set up for Tor users

Several users of the blockchain.info Bitcoin wallet, a household brand in the community, have reported that their accounts have been hacked and bitcoin withdrawn. This, despite employing multiple passwords and 2-factor authentication (2FA).

Some users have reportedly fallen victim to sophisticated phishing attacks. It is cosidered a best practice to type the correct URL into address bar, as opposed to just following links from web searches.

In addition, Tor users were further vulnerable to attack due to a rogue exit node, which stripped the SSL encryption from information sent. This can be observed when the URL displayed as "http:", as opposed to "https:". Blockchain .info did employ HSTS, which forces pages into "https:", but this is ineffective when users explicitly enter "http:".

The unencrypted traffic was then simply picked up in a man-in-the-middle (MITM) attack, gleaning the victim's user ID and password to access his/her wallet.

In response, blockchain.info has set up a mirror .onion URL (https://blockchatvqztbll.onion) for Tor users to ensure traffic is encrypted. This is a temporary fix while the company looks to solve the MITM issue.

Weak password management is also to blame for some of the attacks.

It has been pointed out that such attacks would be much harder to pull off when using multisig technology, although it may slow things down for everyday users.

Several users of the blockchain.info Bitcoin wallet, a household brand in the community, have reported that their accounts have been hacked and bitcoin withdrawn. This, despite employing multiple passwords and 2-factor authentication (2FA).

Some users have reportedly fallen victim to sophisticated phishing attacks. It is cosidered a best practice to type the correct URL into address bar, as opposed to just following links from web searches.

In addition, Tor users were further vulnerable to attack due to a rogue exit node, which stripped the SSL encryption from information sent. This can be observed when the URL displayed as "http:", as opposed to "https:". Blockchain .info did employ HSTS, which forces pages into "https:", but this is ineffective when users explicitly enter "http:".

The unencrypted traffic was then simply picked up in a man-in-the-middle (MITM) attack, gleaning the victim's user ID and password to access his/her wallet.

In response, blockchain.info has set up a mirror .onion URL (https://blockchatvqztbll.onion) for Tor users to ensure traffic is encrypted. This is a temporary fix while the company looks to solve the MITM issue.

Weak password management is also to blame for some of the attacks.

It has been pointed out that such attacks would be much harder to pull off when using multisig technology, although it may slow things down for everyday users.

About the Author: Leon Pick
Leon  Pick
  • 1998 Articles
  • 5 Followers

More from the Author

CryptoCurrency