A recent vulnerability in privacy browser Tor allowed hackers to access users’ Bitcoin funds, but using additional features can help avoid those concerns, according to one cybersecurity researcher.
Tim Ismilyaev, the CEO and founder of international enterprise security firm Mana Security, told CryptoSlate that even as crypto traders “use Tor to overcome government censorship, the resulting anonymity ensures that third parties can’t track you when you’re browsing the net.”
Ismilyaev referred to earlier research last month that said Bitcoin users and traders accessing the Tor network faced an increased risk of their funds getting lost to hackers. This was possible as attackers could manipulate traffic and launch a “man in the middle” attack to redirect users to a malicious website.
A mysterious group has hijacked Tor exit relays to perform SSL stripping attacks on users visiting Bitcoin mixers
— Catalin Cimpanu (@campuscodi) August 10, 2020
Ismilyaev said Tor’s design is not without weaknesses. “User traffic has to pass through several routers and go through an ‘exit node’ before reaching the supposed destination,” said Ismilyaev.
And the above means crypto platforms become a target too. Ismilyaev added, “exit nodes can be abused by a malicious party, making attacks on cryptocurrency websites also possible.”
But that does not mean users have to abandon Tor usage. Ismilyaev explained:
“So my suggestion is to configure the ‘HTTPS Everywhere’ extension of Tor Browser. Just turn on the ‘Encrypt All Sites Eligible’ setting, and it would block any accidental attempts to use unencrypted websites.”
He added that such measures help solve this issue without risking harm to either Tor’s users or the anonymity of people who own the exit nodes.
The Bitcoin-Tor vulnerability
A report by a pseudonymous researcher, “nusenu,” in August singled out Tor users being exposed to hackers and attackers online, the latter making use of the network’s nodes to conduct malicious attacks.
Nusenu said a malicious party began running a large number of Tor exit relays, peaking at 23% earlier this year. They added it was a “known vulnerability” but website operators failed to implement the features and the “many” countermeasures available.
“Nusenu” noted malicious attacks have reduced. Image: Medium
They noted the attackers were primarily focused on cryptocurrency-related sites and platforms, replacing a user’s Bitcoin address with their own and then pocketing the funds once a victim’s transfer went through. The report explained:
“It appears that they are primarily after cryptocurrency-related websites — namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user-provided bitcoin address.”
Fortunately, as per nusenu, the number of hacker-controlled relays went down to “about 10% as of August.” However, it remains unknown how much Bitcoin has already been siphoned off by bad actors using the method so far this year.
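One way a site operator could check for the countermeasures that, per the report, website operators failed to implement, given here as an added example that is not from the article or from nusenu's report. HTTP Strict Transport Security (RFC 6797) is one such countermeasure against SSL stripping, and this Python code audits responses for it. The function names, the constructed sample responses and the `mixer.example` host are assumptions; the one-year threshold is the browser preload list's minimum.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age for browser preload lists

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into a policy dict."""
    policy = {"max-age": None, "includesubdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and re.fullmatch(r"\d+", arg):
            policy["max-age"] = int(arg)
        elif name in ("includesubdomains", "preload"):
            policy[name] = True
    return policy

def audit(scheme, status, headers):
    """Return SSL-stripping findings for one response from the operator's site."""
    headers = {k.lower(): v for k, v in headers.items()}
    if scheme == "http":
        # Browsers ignore HSTS sent over plain HTTP, so only a redirect is acceptable.
        ok = status in (301, 302, 307, 308) and \
            headers.get("location", "").startswith("https://")
        return [] if ok else ["http: content served without redirect to https"]
    raw = headers.get("strict-transport-security")
    if raw is None:
        return ["https: no Strict-Transport-Security header"]
    policy, findings = parse_hsts(raw), []
    if not policy["max-age"]:
        findings.append("hsts: max-age missing or zero")
    elif policy["max-age"] < PRELOAD_MIN_AGE:
        findings.append("hsts: max-age below one year")
    if not policy["includesubdomains"]:
        findings.append("hsts: includeSubDomains missing")
    if not policy["preload"]:
        findings.append("hsts: no preload, first visit can still be stripped")
    return findings

# Constructed sample responses (not captured traffic); mixer.example is a placeholder.
SAMPLES = [
    ("http", 200, {"Content-Type": "text/html"}),
    ("http", 301, {"Location": "https://mixer.example/"}),
    ("https", 200, {"Strict-Transport-Security": "max-age=300"}),
    ("https", 200, {"Strict-Transport-Security":
                    "max-age=63072000; includeSubDomains; preload"}),
]

if __name__ == "__main__":
    for scheme, status, headers in SAMPLES:
        print(scheme, status, audit(scheme, status, headers) or "ok")
```

Even a clean result on the plain-HTTP redirect does not protect a first visit: the redirect itself travels unencrypted, which is why the preload finding matters for users behind an untrusted exit relay.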