The attacker creates malicious servers that capture user traffic. Once users have been diverted, the attacker inserts fraudulent cryptocurrency addresses.
A hacker is breaking into the Tor network to steal cryptocurrencies from users who browse with this service, which focuses on the privacy of Internet connections.
According to a report published this week, since January 2020 the attacker has been using different techniques to divert cryptocurrency users’ traffic to malicious websites, in order to misappropriate their funds.
The attacker operates so-called "exit relays", the points where users' traffic leaves private browsing within Tor and enters the public Internet. In what is called an "SSL stripping attack", the attacker downgrades traffic from the HTTPS (encrypted) protocol to HTTP (plain text), putting users' security at risk.
Thus, the attacker can easily swap a hash address for his own, causing the user to send his cryptocurrencies to this false address, owned by the attacker.
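One way to check for the downgrade and address swap described above is to compare a page fetched over a trusted HTTPS path with the copy received through an exit relay. The Python below is an added example, not code from the report or from Tor; the domain wallet.example, the sample pages and both addresses are constructed placeholders, and the address pattern is deliberately loose.

```python
import re
from urllib.parse import urlsplit

# URL-bearing attributes and a loose Bitcoin address pattern (assumption:
# good enough for a diff between two copies, not for address validation).
URL_ATTR = re.compile(r'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)
ADDR = re.compile(r'\b(?:bc1[0-9a-z]{20,60}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b')

# Constructed placeholder addresses, not real wallets.
TRUSTED_ADDR = "bc1q" + "a" * 38
ATTACKER_ADDR = "bc1q" + "z" * 38


def page(scheme, addr):
    """Build a constructed sample page for the hypothetical site wallet.example."""
    return (f'<a href="{scheme}://wallet.example/login">Log in</a>\n'
            f'<form action="{scheme}://wallet.example/send"></form>\n'
            f'<p>Deposit to {addr}</p>')


def urls(html):
    return [urlsplit(u) for u in URL_ATTR.findall(html)]


def compare(trusted_html, observed_html):
    """Return (downgraded_links, swapped_addresses) for two copies of a page."""
    # Every https target in the trusted copy must still be https when observed.
    https_targets = {(u.netloc, u.path) for u in urls(trusted_html)
                     if u.scheme == "https"}
    downgraded = sorted(u.geturl() for u in urls(observed_html)
                        if u.scheme == "http"
                        and (u.netloc, u.path) in https_targets)
    # Any address present only in the observed copy was injected in transit.
    swapped = sorted(set(ADDR.findall(observed_html))
                     - set(ADDR.findall(trusted_html)))
    return downgraded, swapped


TRUSTED = page("https", TRUSTED_ADDR)    # copy fetched over a trusted path
OBSERVED = page("http", ATTACKER_ADDR)   # copy as seen through a suspect relay

if __name__ == "__main__":
    links, addrs = compare(TRUSTED, OBSERVED)
    print("downgraded links:", links)
    print("unexpected addresses:", addrs)
```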
The attacks were originally reported in August 2020 by a researcher identified under the pseudonym Nusenu, who recounted how the attacker managed to control 23% of the total outbound ports of the Tor network before being countered by the administrators of this network.
However, the new report indicates that the hacker has continued to perpetrate these attacks. In fact, it indicates that in February 2021 the attacker managed to monopolize 27% of Tor's outbound ports. As of today, the attacker reportedly controls between 4% and 6% of the network, persisting in its malicious purpose.
Faced with the measures that the Tor team has taken to counter these attacks, the malicious actor made an all-out push in early May 2021 to carry out another attack, managing to add 1,000 additional outbound servers to the nearly 1,500 that, on average, are kept on the Tor network.
Tor: a private browser, but not one of maximum security
Tor has published recommendations to help the users of its browser and its servers avoid becoming victims of this type of attack. The same recommendations can be applied by cryptocurrency users who use this privacy-focused service.
In relation to this service and Bitcoin, as CriptoNoticias reported, version 3 (V3) of the .onion addresses, native to the Tor service, was recently released. This is relevant because Bitcoin nodes and some wallets and services can connect to the Internet through this route, and older versions are currently vulnerable to various types of attacks.