
Tor network hijacked for SSL attacks


Unknown hackers are abusing the privacy-focused web browser Tor to hijack bitcoin transactions, according to a report from independent security researcher Nusenu.

The hackers have introduced hundreds of malicious exit relays (servers through which user traffic is funnelled before reaching the public internet) to the Tor network since January 2020.

These exit relays allow the cybercriminal group to perform SSL stripping attacks, bypassing HTTPS security controls.

“They perform person-in-the-middle attacks on Tor users by manipulating traffic as it flows through their exit relays,” Nusenu explains. “They (selectively) remove HTTP-to-HTTPS redirects to gain full access to plain unencrypted HTTP traffic without causing TLS certificate warnings.”

The hackers are using this exploit to attack users of bitcoin mixing services, which allow cryptocurrency holders to obscure the relationship between the sender and recipient in a transaction.

By replacing the recipient wallet address in unsecured HTTP traffic, the hackers are able to funnel cryptocurrency into their own wallets.

According to the report, the attackers still control a tenth of all Tor nodes today, despite repeated attempts to eliminate malicious exit relays from the network.
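A site-side check for the exposure described above, as an added example that is not from the article or Nusenu's report: it classifies how far a site's HTTPS upgrade depends on the HTTP-to-HTTPS redirect that an exit relay can remove, by reading the HSTS policy on the HTTPS response. The hostname `mixer.example`, the sample responses and the function names are constructed for illustration.

```python
# Constructed sample responses for a hypothetical site (not captured traffic):
# scheme -> (status code, response headers).
REDIRECT = (301, {"Location": "https://mixer.example/"})
REDIRECT_ONLY = {"http": REDIRECT, "https": (200, {"Content-Type": "text/html"})}
FIRST_VISIT_GAP = {"http": REDIRECT,
                   "https": (200, {"Strict-Transport-Security": "max-age=31536000"})}
PRELOAD_ELIGIBLE = {"http": REDIRECT,
                    "https": (200, {"strict-transport-security":
                                    "max-age=63072000; includeSubDomains; preload"})}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into its directives."""
    policy = {"max_age": 0, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def stripping_exposure(responses, one_year=31536000):
    """Classify how much a site depends on its HTTP-to-HTTPS redirect."""
    # Only the header on the HTTPS response counts: browsers ignore HSTS
    # received over plain HTTP, where an on-path relay could alter it.
    headers = {k.lower(): v for k, v in responses["https"][1].items()}
    raw = headers.get("strict-transport-security")
    if raw is None:
        status, plain = responses["http"]
        location = {k.lower(): v for k, v in plain.items()}.get("location", "")
        upgrades = 300 <= status < 400 and location.lower().startswith("https://")
        return "redirect-only" if upgrades else "no-upgrade"
    policy = parse_hsts(raw)
    if policy["max_age"] == 0:
        return "hsts-disabled"  # max-age=0 (or missing) leaves no stored policy
    if (policy["max_age"] >= one_year and policy["include_subdomains"]
            and policy["preload"]):
        return "preload-eligible"  # header qualifies; list membership not checked
    return "first-visit-gap"  # protected only after one untampered HTTPS visit

if __name__ == "__main__":
    for name in ("REDIRECT_ONLY", "FIRST_VISIT_GAP", "PRELOAD_ELIGIBLE"):
        print(name, "->", stripping_exposure(globals()[name]))
```

A `redirect-only` result is the case the report describes: nothing but the redirect moves the visitor to HTTPS, so removing it keeps the whole session in plain HTTP.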

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.