Report: Hacking Operation Controlled 24% Of Tor Exit Relays

  • The hackers focused primarily on mixer services and other cryptocurrency-related websites.
  • At present, their reach has been reduced to only 10%, but a full solution is yet to be implemented.

On August 9, the pseudonymous cybersecurity researcher “nusenu” published a report on Medium describing a Bitcoin theft scheme that relied on Tor exit relays. According to the report, a group of hackers ran malicious exit relays on the Tor network and hijacked cryptocurrency transactions by manipulating the user traffic passing through them.

The researcher also found that in May this year, the hackers controlled an astonishing 24% of all exit relays on the network, which is the most control they have had over the last five years. Their scheme used the relays to strip encryption from connections to websites, so that they could read users’ data and steal BTC.

“Tor exit relays are the last hop in the chain of 3 relays and the only type of relay that gets to see the connection to the actual destination chosen by the Tor Browser user. The used protocol (i.e. http vs. https) by the user decides whether a malicious exit relay can actually see and manipulate the transferred content or not,” said “nusenu”.

According to the report, such attacks are a frequent occurrence, but an exploit of this scale is something that has not happened in quite some time. Moreover, while the full extent of their operation is still unknown, one thing is clear – the offenders’ goal is to profit from this endeavor by maliciously stealing users’ Bitcoin.

The anonymous researcher also proceeded to explain exactly how the scam works:

“Malicious relays are just used to gain access to user traffic. To make detection harder, the malicious entity did not attack all websites equally. It appears that they are primarily after cryptocurrency related websites — namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user provided bitcoin address. Bitcoin address rewriting attacks are not new, but the scale of their operations is. It is not possible to determine if they engage in other types of attacks.”

As Tor is considered the standard for web anonymity, this vulnerability will certainly have a massive effect on its online community. To fix the issue, the researcher suggests limiting the number of exit relays in the short term and establishing a certain number of “known operators” in the long term, with verification such as confirming an email address or submitting a physical address.
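The address rewriting described in the quote above can be detected by comparing a trusted copy of a page with the copy received through an exit relay. The following is an added example, not code from the report or from the Tor Project. It assumes the reference copy was fetched over a path that does not traverse the relay under test, handles only legacy Base58Check addresses, and uses hypothetical function names and constructed sample pages.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy (Base58Check) address candidates only; bech32 is out of scope here.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, hash160):
    """Build a legacy address; used only to construct valid sample data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr):
    """True if addr decodes to 25 bytes with a correct double-SHA-256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def extract_addresses(body):
    return {a for a in CANDIDATE.findall(body) if is_valid_address(a)}

def detect_rewrite(reference, observed):
    """Compare the trusted copy of a page with the copy seen through a relay."""
    ref, obs = extract_addresses(reference), extract_addresses(observed)
    missing, injected = sorted(ref - obs), sorted(obs - ref)
    return {"missing": missing, "injected": injected,
            "rewritten": bool(missing and injected)}

# Constructed sample data: neither address belongs to a real service.
SITE_ADDR = b58check_encode(0, hashlib.sha256(b"constructed site").digest()[:20])
OTHER_ADDR = b58check_encode(0, hashlib.sha256(b"constructed other").digest()[:20])
REFERENCE = f"<p>Send your coins to <code>{SITE_ADDR}</code></p>"
OBSERVED = REFERENCE.replace(SITE_ADDR, OTHER_ADDR)

if __name__ == "__main__":
    print(detect_rewrite(REFERENCE, REFERENCE))  # identical copies
    print(detect_rewrite(REFERENCE, OBSERVED))   # address swapped in transit
```

Validating the checksum before comparing keeps random Base58-looking strings in the page from producing false alerts.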
