Onion.top Proxy Server Stole $22k in BTC

Onion.top proxy server allows to visit tor network website via ordinary browser
31 January 2018   419

Experts at Proofpoint found that the onion.top proxy service, which allows access to the Tor network from a regular browser, changed the bitcoin-wallets addresses. This behavior was noticed on the websites of the extortion programs LockeR, Sigma and GlobeImposter.

Operators of this proxy are surreptitiously diverting Bitcoin payments from ransomware victims to their own wallets by modifying in transit the source of web pages used for payment, replacing the ransomware author-controlled Bitcoin addresses with their own. As a result, the proxy operators are not only preventing ransomware victims from decrypting their files by paying a ransom but are also in effect stealing from the threat actors distributing ransomware. This appears to be the first scheme of this type affecting both ransomware victims and operators.

Proofpoint Team

Tor Browser (Left) and Tor Proxy (Right)Tor Browser (Left) and Tor Proxy (Right) 

Also, the company's employees found that the service has various "replacement rules" of bitcoins-wallets, indicating that operators manually configured the addresses for each individual site.

In total, two addresses of bitcoin-purses belonging to the operators onion.top were revealed. Totally, no more than 2 BTCs are kept on purses (about $ 22 thousand).

Bitcoin Wallet
Bitcoin Wallet

Operators of ransomware took into account what was happening and removed links to all proxy services from their programs, recommending that victims pay only through the Tor browser.


And the owners of the program-extortioner LockeR directly warned the victims not to use the service onion.top.

ACINQ to Release Lightning API For Bitcoin Mainnet

Strike is API for easy acception of Lightning network payments
25 May 2018   47

Developers from ACINQ presented a version of Strike API for Lightning-payments in the main bitcoin network.

Strike is an API for easy acception of Lightning payments. From a technical point of view, the service works as follows: ACINQ receives and aggregates incoming payments, and then periodically sends transactions to the recipient's wallet. In other words, companies can offer their clients instant and low-cost payments, receiving funds through the usual cash transaction.

We take a 1% fee on payments, and that’s it. Automated payouts to your Bitcoin wallet are free of charge, because we batch them among merchants. The threshold for automated withdrawals can be set between 0.1–1 BTC.


Also, users can make a payment to the wallet manually, however in this case you will have to pay a commission of 0.5 mBTC.

According to ACINQ representatives, although using Strike and assuming the need to trust a third party, the level of risk is minimal, since the service sends an onchain-transaction every time the total amount of payments reaches a user-adjustable threshold.

The developers noted that the Strike integration with the WooCommerce plugin is currently underway. In addition, ACINQ is considering the possibility of partnership with the Canadian Internet company Shopify, which specializes in developing software for online and retail stores. The company serves 500,000 trading companies with a combined turnover of $ 45 billion.