A single malicious entity controls nearly a quarter of all nodes used on the Tor Network, an anonymous internet provider, and is using its position to steal bitcoin and other cryptocurrencies.
- A cybersecurity analyst, using the pseudonym "nusenu," said in a report this week that a hacker now controls approximately 23% of the Tor Network's exit relay capacity.
- The Tor Network provides anonymous internet access with voluntarily run relays that route traffic in order to obfuscate users' traceable and identifiable IP addresses.
- The exit relay is the final stage that connects users to their requested websites.
- Per the report, the hacker is using her/his position as a major exit relay host to stage sophisticated person-in-the-middle attacks, stripping websites of encryption and giving her/him full, unrestricted access to traffic passing through her/his servers.
- The malicious agent primarily focused on bitcoin mixer services, replacing wallet addresses so the mixer returns "clean" funds to the hacker rather than the original user.
- A lack of enforcement on the Tor Network means the hacker has more than doubled her/his share of exit relays from under 10% last December, nusenu said.
- It's unclear how much cryptocurrency has been stolen and whether the malicious agent is engaged in other attacks.
- At least one bitcoin mixer service has added an additional security layer preventing hackers from removing its website's encryption.
- The identity of the hacker remains a mystery, and it isn't clear if there's any added motivation for the attack besides stealing cryptocurrencies.