Cryptheory – Just Crypto


TOR browser has bug that allows users to steal BTC


Researchers announced that they detected a vulnerability when using TOR that could cause the loss of Bitcoins (BTC).

According to the researchers, this is because an attacker can change the destination address of funds sent to the mixers used with the software. The vulnerability was detailed by user HeroicLife on the Reddit forum.

As explained by the user, the vulnerability is not in the TOR or BTC infrastructure, but in the malicious use of the anonymity network.

The attack is carried out through malicious nodes within TOR that seek connections to online cryptocurrency services such as mixers.

Once an attacker identifies a request to connect to a cryptocurrency website, he or she breaks the security of the connection: the attacker downgrades HTTPS requests, which use strong and secure encryption, to the older, unencrypted HTTP.

This is possible because many users do not type the HTTPS prefix or do not make sure they are on a site that uses this protocol.

BTC theft

After the connection is compromised, the attacker swaps the original address for his own. In this way, the Bitcoins sent over TOR to a mixer end up at the attacker's address.

Although HeroicLife focuses on mixer-related cases, these types of situations can occur on any site from which Bitcoins are pulled.

As a solution, the user listed a series of recommendations. The first is to use a service known as HSTS Preload, which prevents a connection to an HTTPS site from being redirected to HTTP.

Furthermore, he recommended the use of HTTPS Everywhere, an extension that checks whether the user is on an HTTPS site. If not, a warning message is displayed.

Finally, he suggests manually checking that the connection is to an HTTPS website rather than an HTTP one.
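For site operators, the HSTS Preload recommendation can be checked against the `Strict-Transport-Security` header a service sends. The following is an added example, not code from the article or the Reddit post: it parses the header (RFC 6797) and applies the hstspreload.org submission requirements; the function names and sample header values are constructed for illustration.

```python
MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(header):
    """Return (max_age, include_subdomains, preload), or None if invalid."""
    max_age, seen = None, set()
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in seen:                 # RFC 6797: a directive must not repeat
            return None
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not (value.isascii() and value.isdigit()):
                return None
            max_age = int(value)
    if max_age is None:                  # max-age is the only required directive
        return None
    return max_age, "includesubdomains" in seen, "preload" in seen

def downgrade_exposure(header):
    """Classify how exposed a visit through a hostile relay is to an HTTP downgrade."""
    policy = parse_hsts(header) if header else None
    if policy is None or policy[0] == 0:  # max-age=0 tells the browser to forget HSTS
        return "no-hsts: any visit that starts over HTTP can be rewritten"
    max_age, subdomains, preload = policy
    if preload and subdomains and max_age >= MIN_PRELOAD_MAX_AGE:
        return "preload-eligible: browser can refuse HTTP before first contact"
    return "hsts-only: protected only after one untampered HTTPS visit"

# Constructed sample headers (not taken from any real service)
SAMPLES = {
    "mixer-a.example": "max-age=63072000; includeSubDomains; preload",
    "mixer-b.example": "max-age=31536000",
    "mixer-c.example": "max-age=300; includeSubDomains; preload",
    "mixer-d.example": None,
}

if __name__ == "__main__":
    for host, header in SAMPLES.items():
        print(f"{host:16} {downgrade_exposure(header)}")
```

Only a domain that is actually on the browser's preload list gets the first-visit protection; a header that merely meets the requirements still has to be submitted and shipped in a browser release.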
