Onion.top Proxy Server Stole $22k in BTC

Onion.top proxy server allows to visit tor network website via ordinary browser
31 January 2018   1049

Experts at Proofpoint found that the onion.top proxy service, which allows access to the Tor network from a regular browser, changed the bitcoin-wallets addresses. This behavior was noticed on the websites of the extortion programs LockeR, Sigma and GlobeImposter.

Operators of this proxy are surreptitiously diverting Bitcoin payments from ransomware victims to their own wallets by modifying in transit the source of web pages used for payment, replacing the ransomware author-controlled Bitcoin addresses with their own. As a result, the proxy operators are not only preventing ransomware victims from decrypting their files by paying a ransom but are also in effect stealing from the threat actors distributing ransomware. This appears to be the first scheme of this type affecting both ransomware victims and operators.

Proofpoint Team

Tor Browser (Left) and Tor Proxy (Right)Tor Browser (Left) and Tor Proxy (Right) 

Also, the company's employees found that the service has various "replacement rules" of bitcoins-wallets, indicating that operators manually configured the addresses for each individual site.

In total, two addresses of bitcoin-purses belonging to the operators onion.top were revealed. Totally, no more than 2 BTCs are kept on purses (about $ 22 thousand).

Bitcoin Wallet
Bitcoin Wallet

Operators of ransomware took into account what was happening and removed links to all proxy services from their programs, recommending that victims pay only through the Tor browser.


And the owners of the program-extortioner LockeR directly warned the victims not to use the service onion.top.

tZERO to Launch Bitcoin Trading App

Application itself is being developed by Bitsy; it may also begin to support Ethereum in the future
22 March 2019   108

The security tokens platform tZERO announced plans to launch a mobile application for buying and selling bitcoin. In the future, the application may also begin to support Ethereum,  CoinDesk reports.

According to Saum Noursalehi, CEO of tZERO, applications for iOS and Android devices should be launched in June. Bitsy is developing it, a cryptocurrency start-up that is part of the portfolio of the Overstock venture division of Medici Ventures.

That’s part of the reason we acquired Bitsy — to accelerate time to market for our mobile app. They have an app for trading crypto, primarily bitcoin, in a beta-phase, they built a wallet and key recovery mechanism, and this will be the foundation of the mobile app for tZERO. They are also working on some cool stuff like biometric login. 

Saum Noursalehi

CEO, tZero

According to him, the application will allow you to store cryptocurrency without the need to trust third parties and it will be connected to the network of exchanges through the API. The implementation of this plan will occur through partner tZERO, the institutional trading platform SFox.

In the future, the head of tZERO added, the platform also intends to create its own cryptocurrency vault to meet the demand from users.

The public beta testing of Bitsy wallet started in November 2018. With his help, the Overstock retailer plans to launch Bitcoin sales on its website.