Researchers announced that they detected a vulnerability when using TOR that could cause the loss of Bitcoins (BTC).
According to the researchers, this is because an attacker can change the destination address of funds sent to the mixers used with the software. The vulnerability was detailed by user HeroicLife on the Reddit forum.
As explained by the user, the vulnerability is not in the TOR or BTC infrastructure, but in the malicious use of the anonymity network.
The attack is carried out through malicious nodes within TOR that seek connections to online cryptocurrency services such as mixers.
Once an attacker identifies a request to connect to a cryptocurrency website, they break the connection's security. In this case, they downgrade HTTPS requests, which use strong and secure encryption, to the protocol's unencrypted predecessor, HTTP.
This is possible because many users do not type the HTTPS prefix or do not make sure they are on a site using this protocol.
After the connection is compromised, the attacker replaces the original address with their own. In this way, the Bitcoins sent through TOR to a mixer end up at the attacker's address.
Although HeroicLife focuses on mixer-related cases, these types of situations can occur on any site from which Bitcoins are pulled.
As a solution, the user listed a series of recommendations. The first is to use a mechanism known as HSTS Preload, which prevents a connection from being redirected from an HTTPS server to an HTTP server.
He also recommended HTTPS Everywhere, an extension that checks whether the user is on an HTTPS site. If not, it displays a warning message.
Finally, he suggests manually checking that the connection is to an HTTPS site rather than an HTTP one.
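The recommendations above can be checked from the site operator's side. The following is an added example, not code from the Reddit post or from any project named here: it audits a `Strict-Transport-Security` header against the HSTS preload-list requirements and shows which first requests leave the browser over plain HTTP. The host `mixer.example`, the function names and the model of a browser that sends a bare hostname over HTTP are assumptions.

```python
# Added example: constructed inputs, no network access.
from urllib.parse import urlsplit

MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum the preload list accepts


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into {directive: value-or-True}."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or True
    return directives


def preload_issues(header):
    """Return the reasons a header fails the preload-list requirements."""
    d = parse_hsts(header or "")
    issues = []
    max_age = d.get("max-age")
    if not (isinstance(max_age, str) and max_age.isdigit()):
        issues.append("max-age missing or not a number")
    elif int(max_age) < MIN_PRELOAD_MAX_AGE:
        issues.append("max-age below one year")
    if "includesubdomains" not in d:
        issues.append("includeSubDomains missing")
    if "preload" not in d:
        issues.append("preload missing")
    return issues


def first_request_scheme(typed, preloaded_hosts):
    """Scheme of the first request sent for what the user typed (assumed model)."""
    url = typed if "://" in typed else "http://" + typed  # no prefix -> HTTP
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # A preloaded host (or a subdomain of one) is upgraded before any request.
    preloaded = any(host == h or host.endswith("." + h) for h in preloaded_hosts)
    return "https" if parts.scheme == "https" or preloaded else "http"
```

A first request that resolves to `http` is the one a malicious node can tamper with; a header with an empty issue list is eligible for preloading, which removes that plaintext first request.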