How do Man-In-The-Middle attacks work?

Sorry if this is off-topic but of all the possible subs I could ask this question to, this is the only really responsive one.

I read that using LocalBitcoins through Tor opens up the possibility for Man-In-The-Middle attacks. How exactly does this work? Are there ways to mitigate this for LocalBitcoins usage? Are these kinds of attacks possible while using other crypto exchanges through Tor as well (such as Binance)?


Comments


[9 Points] diOpAnonMu:

When you use Tor, you are connecting to 3 different computers before your destination (unless it's a hidden service, which is different).

You -> entry node -> relay node -> exit node -> destination.

Some types of traffic can be read and sometimes modified by the exit node. If the destination is not using authenticated encryption (https is one example), then the exit node can change the traffic.

One way that this can mess you up is that the exit can change a wallet address to one that the attacker controls so you send your cryptocurrency to an attacker instead of your vendor.

Edit: corrected the term between entry and exit
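The modification described in the comment above, as an added example that is not part of the original thread: a relay rewrites the payment address in an unauthenticated message, and the same rewrite is rejected once the message carries an authentication tag. It assumes a pre-shared HMAC key as a stand-in for the integrity protection HTTPS provides (TLS negotiates its keys in a certificate-authenticated handshake and also encrypts the content); the addresses, key and function names are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed placeholders, not real wallet addresses.
VENDOR_ADDR = "VENDOR-ADDRESS-PLACEHOLDER"
SWAPPED_ADDR = "SWAPPED-ADDRESS-PLACEHOLDER"


def server_send(invoice, key=None):
    """Serialize an invoice; with a key, prepend an HMAC-SHA256 tag."""
    body = json.dumps(invoice, sort_keys=True).encode()
    if key is None:
        return body  # plain-HTTP analogue: nothing protects the bytes
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def relay_rewrite(wire):
    """Model of the on-path change from the comment: the address is replaced."""
    return wire.replace(VENDOR_ADDR.encode(), SWAPPED_ADDR.encode())


def client_receive(wire, key=None):
    """Parse an invoice; with a key, verify the tag before trusting the body."""
    if key is None:
        return json.loads(wire)  # accepted as-is, modified or not
    tag, _, body = wire.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified in transit")
    return json.loads(body)


def demo():
    invoice = {"amount_btc": "1", "pay_to": VENDOR_ADDR}
    key = b"constructed-demo-key"
    # Unauthenticated: the client cannot tell the address was changed.
    plain = client_receive(relay_rewrite(server_send(invoice)))
    # Authenticated: the same change invalidates the tag and is rejected.
    try:
        client_receive(relay_rewrite(server_send(invoice, key)), key)
        detected = False
    except ValueError:
        detected = True
    return plain["pay_to"], detected


if __name__ == "__main__":
    print(demo())
```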


[3 Points] pymmit:

Here is a simple way to look at it.

You-->Coinbase = good

You-->TOR (mitm)-->Coinbase = bad


[1 Points] None:

Back when 1btc was worth $300 I lost a coin because an exit node was compromised and showed a fake address on a bitpay invoice,