has increased privacy and security measures for all its users by becoming the second website in the world to receive a .onion address. Users now have the ability to access their Blockchain online wallets directly through the Tor network. This eliminates the need to leave the network to access online wallets and prevents transaction interception, theft and malware downloads.


Bitcoin is an electronic cryptocurrency used to purchase virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, is not controlled by a central authority and is not a tangible good. Bitcoins can be sent to anyone with an Internet connection.

Blockchain states that Blockchain is a public ledger of all transactions that take place in the bitcoin network. The website displays a running list of all bitcoin activity and began as a way to show users’ activities and transactions. Additionally, Blockchain now offers a Web-based bitcoin wallet service.


The Onion Router, also known as Tor, is a free software service that lets users surf the Internet anonymously and without censorship. It was created to protect U.S. intelligence communication channels over the Internet. After some time, the code was released to let private citizens and nongovernmental organizations communicate outside of countries that may have surveillance or censorship rules.

The term “Onion Router” refers to layers of encryption similar to the multiple rings of an onion. Tor works by encrypting all original IP information as well as the destination IP address. According to TechRepublic, Tor uses a minimum of three servers to pass traffic on, each of which is encapsulated by its own layer of encryption. Each server only identifies the IP that sent it the packet, limiting packet and traffic visibility from node to node. Only the final server knows the destination of the user’s online traffic, maintaining the anonymity of the user. and Tor

Only two companies in the world have received a SSL certificate for a Tor address: Facebook in late October 2014 and in early December 2014. Many bitcoin enthusiasts see this as a major accomplishment for privacy and security specific to Web-based bitcoin wallets. There have been many reports of individuals with wallets having their bitcoins stolen while making transactions on the Tor network. It is believed that man-in-the-middle (MITM) attacks were targeting transactions running on infected Tor exit nodes. MITM attacks hijack communications between two systems by intercepting a public key exchange, injecting their own public key and retransmitting the message unbeknownst to the original user.

CryptoCoinsNews states that the MITM attack vector involved stripping the SSL from the website, which results in the user being on a HTTP instead of a HTTPS page. The newest version of the Tor browser will display a yellow exclamation point if the browser is no longer displaying a valid SSL certificate. Many casual Tor users that do not understand the known security flaws associated with rogue exit nodes have fallen victim to this exploit.

The Tor address has a 10-digit address, blockchainbdgpzk.onion#sthash.0X1PXctz.dpuf. Additionally, Tor Web addresses are developed in a similar method to bitcoin addresses through encryption and public keys that generate a random grouping of numbers and letters. These increased security measures make it extremely hard for cybercriminals to steal bitcoins since all transactions can be conducted from within the Tor network and no exit relays are needed to access Blockchain online wallets.

Yet another reason why bitcoin enthusiasts will rejoice is that prior to getting its .onion certificate, individuals using bitcoins on the Tor network were at a higher risk of having their identities exposed. In fact, reports indicate that this was happening by way of government-sponsored cyberattacks. According to Josh Pitts of Leviathan Security, a Tor exit relay based in Russia has been compromised for an unknown length of time. This exit relay was injecting malware into computers of users who were downloading programs through the Tor network by modifying legitimate files and applications with malicious binary.

Analyst Comments

A positive outcome from the creation of a .onion or hidden service for is that bitcoin users do not need to go through an exit relay to access their bitcoin wallets — all transactions remain within the Tor environment. This greatly reduces MITM attacks and makes it harder for bitcoin users’ identities to be exposed within the Tor environment.

A negative outcome from the creation of a .onion or hidden service for goes back to all nefarious dark Web activity. The Tor network lets users travel into the dirty underbelly of the dark Web. The additional anonymity and security measures associated with will make it exceptionally difficult to trace bitcoins back to the individuals making the transactions. It is currently possible in some instances to trace an IP address of a computer used to make bitcoin transactions, especially if the IP address is static. It becomes increasingly difficult and nearly impossible to trace an IP address being used on the Tor network because they move to different relays and display many IP addresses and locations. This becomes problematic when the transactions are for illegal goods and services, such as drugs, human trafficking, child pornography and hit men for hire.

Image Source: Flickr

More from Banking & Finance

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…