A few days ago a possible vulnerability was detected when using TOR that could cause the loss of bitcoins (BTC) at the time of sending. This is because the attacker could change the destination address of the funds.
The vulnerability was detailed by user HeoricLife on the Reddit forum. This bitcoiner describes that it has “been receiving reports from clients that bitcoin mixers are stealing their coins.” He adds: “now I have an assumption (…) of what is happening.”
According to the user, the vulnerability is not found on the TOR or Bitcoin infrastructure, but on the malicious use of the anonymity network. The attack is carried out using malicious nodes within TOR which they look for connections to online cryptocurrency services, such as mixers.
Once the attacker has identified a request to connect to a website in the field of cryptocurrencies, he proceeds to breach security. In this case, it changes HTTPS type requests, with strong and secure encryption, for their HTTP predecessor. This occurs because many users do not enter the HTTPS prefix or do not make sure that they are entering a website with this protocol.
HTTP this is a protocol for storing and sending data. Its successor, HTTPS, was born out of the need to offer more secure and private connections. Other options have recently been born, such as IPFS, which try to offer a system similar to HTTP but in a decentralized ecosystem.
After the connection is compromised, since the data exchange is done through a plain text without encryption, the attacker changes the original address to one of his own. That way you can get hold of the bitcoins coming from the mixer.
Yes OK HeroicLife focuses on cases related to mixers, This type of situation can occur on any website from which bitcoins are withdrawn.
How to avoid these types of attacks
As a solution, the Reddit user gave a series of recommendations to users to avoid being victims of a possible theft of bitcoins.
The first one is to use a service known as HSTS Preload, which prevents the web from redirecting from an HTTPS server to an HTTP. It also recommends using HTTPS Everywhere, whose extension is responsible for verifying if you are entering a website with HTTPS, otherwise it will launch a warning message. Along with this, it also suggests doing manual checks to see if you are connecting to an HTTPS web and not to an HTTP one.
Finally, HeroicLife recommends not using TOR for sending cryptocurrencies. Instead, it advises using a VPN (several of these services accept bitcoin as a means of payment, as reported by CriptoNoticias). This is because the TOR network, as it was initially described, is infected by malicious nodes that can compromise users.
It should be noted that the latest version of the Bitcoin Core 22.0 client is possible to use TOR connections, if the user so wishes, a fact that was reported by this means.