Blockchain.info has increased privacy and security measures for all its users by becoming the second website in the world to receive a .onion address. Users now have the ability to access their Blockchain online wallets directly through the Tor network. This eliminates the need to leave the network to access online wallets and prevents transaction interception, theft and malware downloads.

Bitcoin

Bitcoin is an electronic cryptocurrency used to purchase virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, is not controlled by a central authority and is not a tangible good. Bitcoins can be sent to anyone with an Internet connection.

Blockchain

Blockchain.info states that Blockchain is a public ledger of all transactions that take place in the bitcoin network. The website displays a running list of all bitcoin activity and began as a way to show users’ activities and transactions. Additionally, Blockchain now offers a Web-based bitcoin wallet service.

Tor

The Onion Router, also known as Tor, is a free software service that lets users surf the Internet anonymously and without censorship. It was created to protect U.S. intelligence communication channels over the Internet. After some time, the code was released to let private citizens and nongovernmental organizations communicate outside of countries that may have surveillance or censorship rules.

The term “Onion Router” refers to layers of encryption similar to the multiple rings of an onion. Tor works by encrypting all original IP information as well as the destination IP address. According to TechRepublic, Tor uses a minimum of three servers to pass traffic on, each of which is encapsulated by its own layer of encryption. Each server only identifies the IP that sent it the packet, limiting packet and traffic visibility from node to node. Only the final server knows the destination of the user’s online traffic, maintaining the anonymity of the user.

Blockchain.info and Tor

Only two companies in the world have received a SSL certificate for a Tor address: Facebook in late October 2014 and Blockchain.info in early December 2014. Many bitcoin enthusiasts see this as a major accomplishment for privacy and security specific to Web-based bitcoin wallets. There have been many reports of individuals with Blockchain.info wallets having their bitcoins stolen while making transactions on the Tor network. It is believed that man-in-the-middle (MITM) attacks were targeting Blockchain.info transactions running on infected Tor exit nodes. MITM attacks hijack communications between two systems by intercepting a public key exchange, injecting their own public key and retransmitting the message unbeknownst to the original user.

CryptoCoinsNews states that the MITM attack vector involved stripping the SSL from the website, which results in the user being on a HTTP instead of a HTTPS page. The newest version of the Tor browser will display a yellow exclamation point if the browser is no longer displaying a valid SSL certificate. Many casual Tor users that do not understand the known security flaws associated with rogue exit nodes have fallen victim to this exploit.

The Blockchain.info Tor address has a 10-digit address, blockchainbdgpzk.onion#sthash.0X1PXctz.dpuf. Additionally, Tor Web addresses are developed in a similar method to bitcoin addresses through encryption and public keys that generate a random grouping of numbers and letters. These increased security measures make it extremely hard for cybercriminals to steal bitcoins since all transactions can be conducted from within the Tor network and no exit relays are needed to access Blockchain online wallets.

Yet another reason why bitcoin enthusiasts will rejoice is that prior to Blockchain.info getting its .onion certificate, individuals using bitcoins on the Tor network were at a higher risk of having their identities exposed. In fact, reports indicate that this was happening by way of government-sponsored cyberattacks. According to Josh Pitts of Leviathan Security, a Tor exit relay based in Russia has been compromised for an unknown length of time. This exit relay was injecting malware into computers of users who were downloading programs through the Tor network by modifying legitimate files and applications with malicious binary.

Analyst Comments

A positive outcome from the creation of a .onion or hidden service for Blockchain.info is that bitcoin users do not need to go through an exit relay to access their bitcoin wallets — all transactions remain within the Tor environment. This greatly reduces MITM attacks and makes it harder for bitcoin users’ identities to be exposed within the Tor environment.

A negative outcome from the creation of a .onion or hidden service for Blockchain.info goes back to all nefarious dark Web activity. The Tor network lets users travel into the dirty underbelly of the dark Web. The additional anonymity and security measures associated with Blockchain.info will make it exceptionally difficult to trace bitcoins back to the individuals making the transactions. It is currently possible in some instances to trace an IP address of a computer used to make bitcoin transactions, especially if the IP address is static. It becomes increasingly difficult and nearly impossible to trace an IP address being used on the Tor network because they move to different relays and display many IP addresses and locations. This becomes problematic when the transactions are for illegal goods and services, such as drugs, human trafficking, child pornography and hit men for hire.

Image Source: Flickr

More from Banking & Finance

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today