Anonymity and information protection have been a major issue for many cryptocurrency investors and internet users in general. However, users of the Tor network have been – and likely still are – exposed to a greater risk of losing their digital assets, as malicious actors have been on a mission to gain control of large swathes of the network’s exit relays.
Over a period of 16 months that began in January of last year, the cybercriminal (or group) industriously added exit nodes – the nodes responsible for redirecting Tor network user traffic back to the public Internet after it has been anonymized – to the point where about 27% of the network’s exit relays were under the attacker’s control.
According to the original post by cyber security researcher Nusenu, the malicious actor had already gained control of a quarter of the network’s exit nodes by 30 October last year, in what was building up to be “the largest malicious tor exit fraction I’ve ever observed by a single actor,” the researcher noted. Interestingly, the researcher had already tried to sound the alarm in an earlier blog post published in August 2020.
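The “27% of exit relays” figure is a share of exit capacity rather than a simple head count: a client’s chance of landing on a given exit is proportional to that relay’s consensus weight. The script below, an added example that is not from the article or from Nusenu’s own tooling, computes both the relay-count share and the weight-based share per operator from a small constructed relay list and flags any operator above a threshold. Attributing relays to an operator (the `operator` label, the fingerprints and the weights) is assumed to have been done already; in practice that attribution is the hard part, since a malicious operator will not declare a relay family.

```python
from collections import defaultdict

# Constructed stand-in for the exit relays in a Tor consensus. Fingerprints,
# operator labels and consensus weights are invented for illustration only.
SAMPLE_EXIT_RELAYS = [
    {"fingerprint": "AAAA0001", "operator": "actor-x", "weight": 5000},
    {"fingerprint": "AAAA0002", "operator": "actor-x", "weight": 4000},
    {"fingerprint": "AAAA0003", "operator": "actor-x", "weight": 3000},
    {"fingerprint": "BBBB0001", "operator": "univ-a", "weight": 6000},
    {"fingerprint": "CCCC0001", "operator": "ngo-b", "weight": 5000},
    {"fingerprint": "DDDD0001", "operator": "org-c", "weight": 4000},
    {"fingerprint": "EEEE0001", "operator": "host-d", "weight": 7000},
    {"fingerprint": "FFFF0001", "operator": "host-e", "weight": 4000},
]


def exit_fraction_by_operator(relays):
    """Return {operator: (count_fraction, weight_fraction)}.

    count_fraction is the share of exit relays run by the operator;
    weight_fraction approximates the probability that a client's circuit
    exits through one of that operator's relays.
    """
    total_count = len(relays)
    total_weight = sum(r["weight"] for r in relays)
    counts = defaultdict(int)
    weights = defaultdict(int)
    for r in relays:
        counts[r["operator"]] += 1
        weights[r["operator"]] += r["weight"]
    return {
        op: (counts[op] / total_count, weights[op] / total_weight)
        for op in counts
    }


def operators_over_threshold(relays, threshold=0.20):
    """Operators whose weighted exit share exceeds the threshold, largest first."""
    shares = exit_fraction_by_operator(relays)
    flagged = [(op, w) for op, (_, w) in shares.items() if w > threshold]
    return sorted(flagged, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for op, (c, w) in sorted(exit_fraction_by_operator(SAMPLE_EXIT_RELAYS).items()):
        print(f"{op:8s} relays={c:.1%} exit-probability={w:.1%}")
    print("over threshold:", operators_over_threshold(SAMPLE_EXIT_RELAYS))
```

With the constructed data, `actor-x` runs 3 of 8 relays (37.5%) but holds 12000 of 38000 weight units (about 31.6%), so the two measures disagree; the weight-based one is the figure that matters for how often a user actually hits a malicious exit.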
The Exit Relay Hacker In Attack Mode
The attacker’s malicious relays have been working to pinpoint traffic that is directed towards crypto mixing services. In the next step, SSL stripping attacks are employed in order to downgrade the target’s connection from encrypted HTTPS to plaintext HTTP. In this scenario the attacker is able to covertly swap out digital asset wallet addresses with their own in order to intercept the unsuspecting user’s funds.
Though the Tor Project managed to take down these servers late last year, it did not take long before the attacker had them back up and running. According to Nusenu’s report on the matter, the attacker also used download modification in addition to the SSL stripping attacks.
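SSL stripping only works while the client is willing to talk plaintext HTTP to a host it has previously reached over HTTPS. The defence browsers use for this is HSTS: once a host has been seen over HTTPS with a `Strict-Transport-Security` header, the browser refuses plaintext to that host until the policy’s `max-age` expires. The script below is an added illustration of that logic, not code from the article or from Tor Browser; it replays a constructed sequence of request/response records through a minimal trust-on-first-use HSTS cache and reports which responses represent a downgrade. The record format, the hostnames and the timestamps are all assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed client-side observations: what the client asked for, the URL the
# response was actually served from after redirects, the response headers and a
# timestamp in seconds. All values are invented for illustration.
SAMPLE_EXCHANGES = [
    # First visit: upstream redirects to HTTPS and sets an HSTS policy.
    {"t": 0, "requested": "http://mixer.example/",
     "final": "https://mixer.example/",
     "headers": {"Strict-Transport-Security": "max-age=31536000"}},
    # Later visit: the redirect to HTTPS never arrives and the deposit page is
    # served as plaintext, which is what an SSL-stripping exit would produce.
    {"t": 100, "requested": "http://mixer.example/deposit",
     "final": "http://mixer.example/deposit", "headers": {}},
    # A host never seen over HTTPS: plaintext is normal, nothing to compare to.
    {"t": 200, "requested": "http://news.example/",
     "final": "http://news.example/", "headers": {}},
    # Same host long after max-age expired: the policy no longer applies.
    {"t": 40_000_000, "requested": "http://mixer.example/",
     "final": "http://mixer.example/", "headers": {}},
]


def parse_max_age(header_value):
    """Return the max-age directive of an HSTS header as an int, or None."""
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.isdigit():
            return int(value)
    return None


class HstsCache:
    """Minimal trust-on-first-use HSTS memory: host -> policy expiry time."""

    def __init__(self):
        self.expiry = {}

    def observe(self, exchange):
        final = urlsplit(exchange["final"])
        hsts = exchange["headers"].get("Strict-Transport-Security")
        # Per the HSTS design, only a policy received over HTTPS is trusted.
        if final.scheme == "https" and hsts is not None:
            max_age = parse_max_age(hsts)
            if max_age is not None:
                self.expiry[final.hostname] = exchange["t"] + max_age

    def is_downgrade(self, exchange):
        final = urlsplit(exchange["final"])
        if final.scheme != "http":
            return False
        expires_at = self.expiry.get(final.hostname)
        return expires_at is not None and exchange["t"] < expires_at


def detect_downgrades(exchanges):
    """Replay exchanges in order; return the plaintext URLs that violate a
    previously learned HSTS policy."""
    cache = HstsCache()
    flagged = []
    for ex in exchanges:
        if cache.is_downgrade(ex):
            flagged.append(ex["final"])
        cache.observe(ex)
    return flagged


if __name__ == "__main__":
    for url in detect_downgrades(SAMPLE_EXCHANGES):
        print("possible SSL strip:", url)
```

Two limits of this defence are visible in the data: the very first visit to a host (no policy yet) and a visit after the policy expired are both invisible to the cache, which is why preloaded HSTS lists and, on Tor, onion-service addresses that never leave the network are stronger protections than a learned policy alone.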
Conclusion
From all the available information, it is safe to assume that the attacks are ongoing and are likely to worsen with time. This scenario is made even more likely by the Tor Network seemingly being uninterested in dealing with the issue any further than removing malicious relays after they’ve been detected.
“My previous blog posts about malicious tor relay activities (1, 2) featured a section about proposals the Tor Project could implement to reduce the risks for Tor Browser users. That did not turn out to be fruitful,” writes Nusenu.
This would mean that the safety of Tor users’ cryptocurrency is their own responsibility, so anonymise with caution.