In the past, there have been several reports of Blockchain.info users losing their funds after using Blockchain.info through the Tor network. Rogue Tor exit nodes were being specifically used to execute man in the middle (MITM) attacks on users connecting to Blockchain.info through Tor. The common attack vector involved stripping the SSL from the website, which results in the user being on an http instead of an https page; however, this is an easily overlooked occurrence. The newest version of the Tor browser will display a yellow exclamation point if your browser is no longer displaying a valid SSL certificate, but many casual users of Tor that do not understand the known security flaws associated with rogue exit nodes have fallen victim to this exploit.
Last week, in response to the most recent wave of Blockchain.info via Tor robberies, Blockchain.info temporarily blocked all Tor exit nodes. The valid suspicion was that dedicated Bitcoin webwallet hacking exit nodes had been created to systemically rob unwary Tor users blind. Blockchain.info has since started using HSTS as well as providing a dedicated Tor onion address to its Tor population.
Nik Cubrilovic, who helped Blockchain.info with the timely project, explained in his blogpost:
Over the past couple of weeks there has been a marked increase in the number of man-in-the-middle (MITM) attacks against Tor users of web based Bitcoin wallet provider Blockchain.info. One user reported 63 bitcoin stolen, and there were many other examples as the thefts continued despite warnings to users. The attacks were so successful that Blockchain resorted to blocking all traffic to the wallet service from Tor exit nodes.
I’ve been working with Blockchain since Saturday to implement a number of security measures to better protect users. The main result of these efforts is that today we are announcing that Blockchain is now available as a hidden service on Tor with a signed SSL certificate (provided by DigiCert) and HTTPS enforced across the site. The address is
Blockchain are now only the second site to offer an alternate service on the Tor network with a signed certificate after Facebook announced their own hidden service last month.
Cubrilovic goes into much more detail in his post, which is a recommended read.
Blockchain.info has now joined Facebook as one of the largest Clear Web service providers that maintain a dedicated presence on the Dark Net. Back in October, Facebook announced that it had created a .onion address specifically for Tor users. What’s more, Tor users that connect to the Facebook .onion address end up with end-to-end encryption to a server in Facebook’s data center directly via SSL. This is where the SSL certificate and DigiCert come in; Facebook’s Tor front door was the first .onion address to receive a legit SSL certificate. The SSL certificate lets users know, with confidence, that they are connecting with the service, be it Facebook or Blockchain.info, that they actually want to connect to. The choice to use Tor is a natural one for some: Those that live under oppressive regimes may soon find themselves using both Blockchain.info’s and Facebook’s .onion addresses just to stay connected and safe.
What do you think about Blockchain.info’s .onion address? Comment below!
Images from Blockchain.info and Shutterstock.