Tor Network Compromised by Single Hacker Stealing Users’ Bitcoin: Report

12 August 2020

A single malicious entity controls nearly a quarter of all nodes used on the anonymous internet provider Tor Network and is using its position to steal bitcoin and other cryptocurrencies.

  • A cybersecurity analyst, using the pseudonym "nusenu," said in a report this week that a hacker now controls approximately 23% of the Tor Network's exit relay capacity.
  • The Tor Network provides anonymous internet access with voluntarily run relays that route traffic in order to obfuscate users' traceable and identifiable IP addresses.
  • The exit relay is the final stage that connects users to their requested websites.
  • Per the report, the hacker is using her/his position as a major exit relay host to stage sophisticated person-in-the-middle attacks, stripping websites of encryption and giving her/him full unrestricted access to traffic passing through her/his servers.
  • The malicious agent primarily focused on bitcoin mixer services, replacing wallet addresses so the mixer returns "clean" funds to the hacker rather than the original user.
  • A lack of enforcement on the Tor Network means the hacker has more than doubled her/his share of exit relays from under 10% last December, nusenu said.
  • It's unclear how much cryptocurrency has been stolen and whether the malicious agent is engaged in other attacks.
  • At least one bitcoin mixer service has added an additional security layer preventing hackers from removing their website's encryption.
  • The identity of the hacker remains a mystery, and it isn't clear whether there is any added motivation for the attack besides stealing cryptocurrencies.
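
A defender-side check for the two tampering patterns described in the list above (HTTPS links downgraded to HTTP, and a replaced wallet address), as an added example that is not from nusenu's report or the original article. It compares a copy of a page obtained over a trusted path with the copy received through an exit relay; the host mixer.example, both addresses and both HTML snippets are constructed, and the address patterns match shape only.

```python
import re

# Shape-only patterns (no checksum validation): legacy Base58 addresses
# starting with 1 or 3, and bech32 addresses starting with bc1.
BTC_ADDR = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b"
)
# Hosts referenced by link, form and resource attributes, split by scheme.
HTTPS_HOST = re.compile(r"""(?:href|action|src)\s*=\s*["']https://([^"'/\s]+)""", re.I)
HTTP_HOST = re.compile(r"""(?:href|action|src)\s*=\s*["']http://([^"'/\s]+)""", re.I)


def compare_copies(trusted_html, observed_html):
    """Compare a trusted copy of a page with the copy seen through an exit relay."""
    trusted_addrs = set(BTC_ADDR.findall(trusted_html))
    observed_addrs = set(BTC_ADDR.findall(observed_html))
    https_hosts = {h.lower() for h in HTTPS_HOST.findall(trusted_html)}
    http_hosts = {h.lower() for h in HTTP_HOST.findall(observed_html)}
    return {
        # Hosts linked over HTTPS in the trusted copy but over HTTP in the observed one.
        "downgraded_hosts": sorted(https_hosts & http_hosts),
        # Addresses that appear only in the observed copy.
        "unexpected_addresses": sorted(observed_addrs - trusted_addrs),
        # Addresses the site published that the observed copy no longer shows.
        "missing_addresses": sorted(trusted_addrs - observed_addrs),
    }


# Constructed sample data: placeholder strings with an address-like shape.
SITE_ADDR = "1SiteDepositAddr" + "A" * 14
SWAPPED_ADDR = "1SwappedAddr" + "B" * 18
TRUSTED_COPY = (
    '<form action="https://mixer.example/send">'
    "<p>Deposit to <code>" + SITE_ADDR + "</code></p></form>"
)
OBSERVED_COPY = (
    '<form action="http://mixer.example/send">'
    "<p>Deposit to <code>" + SWAPPED_ADDR + "</code></p></form>"
)

if __name__ == "__main__":
    for finding, values in compare_copies(TRUSTED_COPY, OBSERVED_COPY).items():
        print(finding, values)
```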
