|
|
|
|
|
|
by chatmasta
4254 days ago
|
|
|
You're right. Let me clarify: I'm not worried about the transactions themselves, as
they appear on the blockchain. What worries me is the
"meta transactions", if you will. The Bitcoin ecosystem
is full of off-blockchain transactions. For example,
mining pools use their own communication mechanisms, which
the BGP attack this summer exploited. Also, dozens of
exchanges, marketplaces, and services rely on HTTP API's
for transacting. Even if the blockchain is not vulnerable,
the external transactions that reference it certainly could be. Imagine how many "send X bitcoin from wallet Y to wallet Z"
requests route over HTTP. Quite a few. So yeah, not "trivial" as I said. But certainly not impossible. (Welcome to HN! I'm glad my mistake brought you out of the woodwork.) |
|
|
And to further your point, it appears this guy (https://www.reddit.com/r/Bitcoin/comments/2k38ta/my_wallet_w...) just got his coins stolen by using blockchain.info over TOR.
However, I still believe nothing is fundamentally broken. Any important protocol should be using SSL - especially when operating over TOR. Lapses like this are still simply user error.