Man-in-the-Middle Attack
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and alters communication between a user and a blockchain service, such as changing wallet addresses during transactions.
What Is a Man-in-the-Middle Attack?
A Man-in-the-Middle Attack (MITM), also known as an interception attack, occurs when an attacker secretly positions themselves between a user and a blockchain service or another party. The attacker intercepts communication, relays it, and potentially alters it without detection. For example, during a cryptocurrency transaction, the attacker swaps the recipient's wallet address with their own.
Attackers achieve this by exploiting network vulnerabilities. Techniques include ARP spoofing to impersonate the gateway on a local network, fake Wi-Fi hotspots that lure users, and DNS compromise that redirects traffic. Once in position, the attacker decrypts, reads, or modifies data in transit, such as transaction details, then forwards it. Victims see normal operation, but the attacker controls the flow.
MITM attacks matter greatly in cryptocurrency because they undermine transaction security. Users risk sending funds to attackers instead of intended recipients. Public blockchains rely on accurate address verification; any swap leads to irreversible theft. Exchanges and wallets vulnerable to unsecured connections face high risks.
Key characteristics include stealth—the attack evades detection by mimicking legitimate traffic. Types split into passive (eavesdropping only) and active (altering data). Prevention involves HTTPS, VPNs, verifying addresses manually, and hardware wallets that sign transactions offline.
Cryptocurrency is a digital or virtual currency secured by cryptography, operating on decentralized blockchain networks to enable secure, peer-to-peer transactions.
Address Verification confirms the receiving address shown on a hardware wallet's screen matches the one on the computer or app, preventing malware from altering it.
In cryptocurrency, a swap is the direct exchange of one token for another on a blockchain, often via decentralized exchanges (DEXs) without intermediaries.
Real-World Examples
Example 1: Fake Wi-Fi Hotspot
At a cryptocurrency conference, an attacker creates a hotspot named "FreeCryptoWiFi". A user connects, logs into their exchange, and confirms a transaction. The attacker intercepts the connection, swaps the recipient wallet address from 0xabc123... to their own 0xdef456..., and relays the altered transaction. Funds go to the attacker.
Example 2: ARP Spoofing on Public Network
On a coffee shop Wi-Fi, the attacker poisons the ARP cache to impersonate the router. A victim uses a web wallet to send BTC. The attacker decrypts the traffic, changes the amount from 0.1 BTC to 0.01 BTC, pockets the difference, and forwards the rest undetected.
Example 3: DNS Hijacking
An attacker poisons a DNS resolver. A user types "wallet.example.com" in their browser. Traffic redirects to the attacker's server, which mimics the site. During login and transaction signing, the attacker steals session cookies and alters the destination address before relaying to the real server.
Bitcoin (BTC) is the first decentralized cryptocurrency, launched in 2009. It uses blockchain technology for secure, peer-to-peer digital transactions without intermediaries.