Multiple blockchain.info wallets hacked, .onion mirror URL set up for Tor users
Several users of the blockchain.info Bitcoin wallet, a household brand in the community, have reported that their accounts have been hacked and bitcoin withdrawn. This, despite employing multiple passwords and 2-factor authentication (2FA).
Some users have reportedly fallen victim to sophisticated phishing attacks. It is considered a best practice to type the correct URL into the address bar, as opposed to just following links from web searches.
In addition, Tor users were further vulnerable to attack due to a rogue exit node, which stripped the SSL encryption from information sent. This can be observed when the URL is displayed as "http:", as opposed to "https:". Blockchain.info did employ HSTS, which forces pages into "https:", but this is ineffective when users explicitly enter "http:".
The unencrypted traffic was then simply picked up in a man-in-the-middle (MITM) attack, gleaning the victim's user ID and password to access his/her wallet.
In response, blockchain.info has set up a mirror .onion URL (https://blockchatvqztbll.onion) for Tor users to ensure traffic is encrypted. This is a temporary fix while the company looks to solve the MITM issue.
When using your #Blockchain wallet via #Tor, you can now access us through this .onion link: https://blockchatvqztbll.onion/ @torproject
— Blockchain (@blockchain) November 29, 2014
Weak password management is also to blame for some of the attacks.
It has been pointed out that such attacks would be much harder to pull off when using multisig technology, although it may slow things down for everyday users.