Hackers attacked Tor users to steal bitcoins

An unknown hacker group used the Tor network to attack users of cryptocurrency sites.

Attackers took control of a significant proportion of Tor exit capacity – by May 2020, they controlled almost a quarter of all such capacity.

According to security researcher Nusenu, by manipulating traffic, hackers carried out so-called middleman attacks (a type of attack when an attacker secretly relays and, if necessary, changes the connection between two parties who believe that they are directly communicating with each other). They replaced user traffic from HTTPS addresses to less secure HTTP.

This allowed them to replace bitcoin addresses in the HTTP traffic associated with bitcoin mixers to forward transactions to their wallets instead of user wallets.

Nusenu also clarified that such attacks have been carried out in the past, but there have not been such large-scale attacks before.

The author contacted Tor admins with a report of the problem. They took action to fix the problem, but in August hackers still controlled approximately 10% of exit nodes.