LiberLion on Nostr: Chainalysis Hijacked the DNS of some #Monero nodes to compromise them. What happened? ...
Chainalysis Hijacked the DNS of some #Monero nodes to compromise them.
What happened?
Let me explain what I have researched.
Given the resource requirements, it probably wouldn't make much financial sense for malicious actors to operate their own dedicated nodes.
Instead, they operate “fake nodes” which are Nginx servers that act as reverse proxies, forwarding traffic to legitimate nodes while capturing a copy of the underlying data. Nginx (pronounced "engine-x") is a high-performance, open-source web server that functions as a reverse proxy server, load balancer, and HTTP cache. It is widely known for its ability to handle high traffic loads and serve static content efficiently.
This is what happened:
a) The domain owner points their domain to a VPS (Virtual Private Server). It is a hosting service that utilizes virtualization technology to provide users with dedicated resources on a server shared among multiple users.
b) The domain owner stops paying the VPS and leaves.
c) Chainalysis rents that VPS and controls the domain, because the zone record isn't reflecting the change.
d) Then popular wallets have these nodes in their lists, and that's how Chainalysis gets "trusted" nodes.
In-depth analysis:
https://www.digilol.net/blog/chainanalysis-malicious-xmr.html
In my opinion, as long as both #Nostr and #Monero continue to rely on domains regulated or controlled by governments, we are going to have problems.
Read more here:
https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/
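A defender-side check for the orphaned-record scenario the post describes (a node's DNS name silently pointing at infrastructure its operator never published), added here as an example; it is not code from the original post or from any Monero or wallet project, and the hostnames, addresses and pinned baseline are constructed.

```python
"""Audit a wallet's remote-node list for DNS records that have drifted away
from a pinned baseline, the symptom of the abandoned-VPS takeover above.
Hostnames, IPs and the baseline below are constructed example values."""
import socket

# Constructed baseline: hostname -> set of IPs the node operator published
# when the entry was added to the wallet's node list (hypothetical values).
PINNED_NODES = {
    "node-a.example": {"203.0.113.10"},
    "node-b.example": {"203.0.113.20", "203.0.113.21"},
    "node-c.example": {"198.51.100.5"},
}


def resolve_live(hostname):
    """Resolve the current A records for hostname (network call, for real use)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def audit(pinned, resolver):
    """Return {hostname: reason} for every entry that no longer matches its
    pinned addresses. Any address outside the pinned set means the name now
    points at a host the original operator never published, which is the
    state steps b) and c) above lead to. 'resolver' is injected so the
    function can run offline against recorded answers."""
    findings = {}
    for host, expected in pinned.items():
        current = resolver(host)
        if not current:
            findings[host] = "no longer resolves"
        elif not current <= expected:
            findings[host] = f"drifted: {sorted(current - expected)} not in pinned set"
    return findings


# Constructed "current" DNS answers standing in for live resolution.
SAMPLE_ANSWERS = {
    "node-a.example": {"203.0.113.10"},                # unchanged
    "node-b.example": {"203.0.113.20", "192.0.2.77"},  # one record now points elsewhere
    "node-c.example": set(),                           # record gone
}

if __name__ == "__main__":
    for host, reason in audit(PINNED_NODES, lambda h: SAMPLE_ANSWERS.get(h, set())).items():
        print(host, reason)
```

Swap the lambda for `resolve_live` to run the same audit against real DNS; a drifted entry is a reason to pull the node from the list until its operator confirms the new address.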