# Hackers steal Bitcoin through large-scale exploit on Tor: report



## BarberFerdinand (Aug 11, 2020)

https://decrypt.co/38359/hackers-stealing-bitcoin-tor-exploit

https://archive.fo/SAmC5




> *In brief*
> 
> Hackers this year controlled 24% of exit relays on Tor—that's more than ever in the last five years, according to a cyber security researcher.
> This is allowing hackers to snoop on crypto transactions and redirect Bitcoin funds to themselves.
> ...


----------



## Vecr (Aug 11, 2020)

Tor's not secure against exit node attacks unless the service uses TLS/HTTPS, or is a hidden service.


----------



## Lord of the Large Pants (Aug 11, 2020)

"Controlling these exit relays, hackers can remove encryption protocols on websites"

Er... how? Unless there's something I don't know about, having control of an exit node (or even ALL the exit nodes) won't help you strip HTTPS.


----------



## Vecr (Aug 11, 2020)

Lord of the Large Pants said:


> "Controlling these exit relays, hackers can remove encryption protocols on websites"
> 
> Er... how? Unless there's something I don't know about, having control of an exit node (or even ALL the exit nodes) won't help you strip HTTPS.



They could attempt a downgrade attack by actively interfering with the connection, if the encryption protocols are more opportunistic than strictly required by both sides. The Tor Browser is supposed to combat that problem with the HTTPS Everywhere extension, but that does not work in all cases, and the user can disable it if it causes the site to "not work", letting themselves be attacked. If it's an e-mail connection, the Tor Browser might not be in use at all.

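An added example, not from the article or from any poster in this thread: a small Python simulation of the downgrade described above. A hostile in-path relay rewrites the `https://` links in a page that was served in cleartext, and three client policies (no rules at all, HTTPS-Everywhere-style upgrade rules for one host, and a strict HTTPS-only mode) decide which URL the victim actually requests next. It also shows the HSTS caveat: a `Strict-Transport-Security` header is only trusted when it arrived over HTTPS, so the very first cleartext visit is still exposed. The hostnames, the sample page, and the `Client` class are constructed for illustration and are not real sites or browser code.

```python
"""Simulated SSL-stripping relay vs. three client policies (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample page served over cleartext HTTP; hostnames are hypothetical.
SAMPLE_PAGE = """<html><body>
<a href="https://wallet.example/login">Log in</a>
<a href="https://wallet.example/send">Send coins</a>
<a href="http://blog.example/news">News</a>
</body></html>"""

LINK_RE = re.compile(r'href="([^"]+)"')
URL_RE = re.compile(r'^(https?)://([^/]+)(/.*)?$')


def split_url(url: str):
    """Split a URL into (scheme, host, path); path defaults to '/'."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError(f"unsupported URL: {url}")
    return m.group(1), m.group(2), m.group(3) or "/"


def strip_https_links(html: str) -> str:
    """What a hostile relay does to a cleartext response: rewrite https://
    links to http:// so the victim's next request also leaves in the clear.
    This is only possible because the response being edited was never
    encrypted; a TLS-protected response cannot be rewritten this way."""
    return html.replace('href="https://', 'href="http://')


@dataclass
class Client:
    """A deliberately simplified browser policy (hypothetical)."""
    upgrade_hosts: set = field(default_factory=set)  # HTTPS-Everywhere-style rules
    hsts_hosts: set = field(default_factory=set)     # learned or preloaded HSTS
    https_only: bool = False                          # refuse cleartext entirely

    def learn_hsts(self, url: str, headers: dict) -> bool:
        """Record HSTS only when the header arrived over HTTPS. A
        Strict-Transport-Security header on a cleartext response is ignored,
        otherwise an in-path attacker could set the victim's policy."""
        scheme, host, _ = split_url(url)
        names = {k.lower() for k in headers}
        if scheme == "https" and "strict-transport-security" in names:
            self.hsts_hosts.add(host)
            return True
        return False

    def resolve(self, url: str) -> str:
        """The URL this client will actually request for a given link."""
        scheme, host, path = split_url(url)
        if scheme == "http" and (
            self.https_only or host in self.upgrade_hosts or host in self.hsts_hosts
        ):
            return f"https://{host}{path}"
        return url


def links_followed(client: Client, page: str) -> list:
    """Links the victim ends up requesting after the page passed through
    the stripping relay. With no policy the downgrade succeeds; with
    upgrade rules or HTTPS-only the rewrite is undone on the client."""
    stripped = strip_https_links(page)
    return [client.resolve(u) for u in LINK_RE.findall(stripped)]


if __name__ == "__main__":
    policies = [
        ("naive", Client()),
        ("upgrade-rules", Client(upgrade_hosts={"wallet.example"})),
        ("https-only", Client(https_only=True)),
    ]
    for name, client in policies:
        print(name, links_followed(client, SAMPLE_PAGE))
```

The point the simulation makes is the one in the post: the relay never breaks TLS, it only edits what was already in the clear, and the attack fails as soon as the client treats HTTPS as mandatory for that host rather than as something the page happens to offer.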

----------



## Lord of the Large Pants (Aug 11, 2020)

Vecr said:


> They could attempt a downgrade attack by actively interfering with the connection, if the encryption protocols are more opportunistic than strictly required by both sides. The Tor Browser is supposed to combat that problem with the HTTPS Everywhere extension, but that does not work in all cases, and the user can disable it if it causes the site to "not work", letting themselves be attacked. If it's an e-mail connection, the Tor Browser might not be in use at all.


Fair enough, but the article frames it as a Tor exploit. It's not Tor that's vulnerable to a downgrade attack, it's the endpoints.

I guess if we're thinking a little more broadly I can see some way that Tor would be tangentially involved in exploits, but none of them are really the fault of Tor as such.


----------



## twozero (Aug 11, 2020)

I suppose a big part of the issue lies in there being far more downside than upside for people to altruistically run exit nodes, which allows malicious actors to operate a relatively large proportion with ease.


----------

