Bitcoin Users Leery of Tor: 23% of the Network’s Exit Capacity Compromised – Bitcoin News


Bitcoin Users Leery of Tor: 23% of the Network’s Exit Capacity Compromised

Hackers are stealing bitcoin through the large-scale use of malicious relays on the Tor network according to a newly published research report on the subject. The researcher dubbed “nusenu” said he warned people about the growing problem in December 2019 but instead of improving Tor exit relay activity “things have become even worse,” he stressed.

Malicious entities have made visitors of the anonymous communications protocol the Tor network vulnerable to attacks. Tor is a browser and open-source software that directs a person’s web traffic in an obfuscated fashion in order to circumvent traffic analysis and network surveillance.

A great number of bitcoiners and cryptocurrency advocates leverage the Tor network to surf the web with anonymity but also to leverage darknet markets and coin mixers. Even Satoshi Nakamoto recommended the use of Tor while sending transactions for added privacy.

On February 2, 2010, Satoshi Nakamoto said:

You could use Tor if you don’t want anyone to know you’re even using Bitcoin.

The research analysis from the investigator “nusenu” says “23% of the Tor network’s exit capacity has been attacking Tor users.” Of course, the hackers are focused on making money and they have utilized bitcoin address rewriting attacks.

Bitcoin Users Leery of Tor: 23% of the Network’s Exit Capacity Compromised
“What ISPs did the attacker use? Mostly OVH and FranTech Solutions. Graph by nusenu (raw data source:”

Essentially, the person sending the coin will unknowingly send the crypto asset to a different address controlled by the hackers rather than sending it to the intended destination. Nusenu detailed that bitcoin address rewriting attacks have been happening for a long time now but the scale of the operation has swelled.

“It appears that they are primarily after cryptocurrency-related websites—namely multiple bitcoin mixer services. They replaced bitcoin addresses in HTTP traffic to redirect transactions to their wallets instead of the user-provided bitcoin address,” the researcher said in the blog post published on August 9.

The news has shaken the crypto community, as discussions concerning the subject are littered all over social media and forums. One Redditor attributed the problems to the recent Mozilla layoff as the company let go 250 people. “And Mozilla just laid off their security vulnerability staff. Speculated to impact Tor Browser security into the future,” the Redditor said. Nusenu did discuss the certain layoffs in his blog post that were attributed to the recent Covid-19 outbreak.

“After the blog post from December 2019 the Tor Project had some promising plans for 2020 with a dedicated person to drive improvements in this area, but due to the recent COVID19 related layoffs that person got assigned to another area,” nusenu said. “In addition to that, Tor directory authorities apparently are no longer removing relays they used to remove since 2020–06–26.”

It’s safe to say that most crypto advocates and bitcoiners understand the risks associated with Tor, as many believe while the network provides privacy it is also a honeypot filled with malicious behavior and law enforcement. It’s also fair to say that bitcoiners will likely play it safer after hearing that close to a quarter of the Tor exit relays may be compromised.

Tags in this story
Anonymity, bitcoin address rewriting attacks, Bitcoin Anonymity, coin mixers, Darknet Markets, nusenu, Privacy, report, rewriting attacks, Satoshi Nakamoto, Tor, tor browser, Tor Network

What do you think about the recent Tor exit relay revelations and the bitcoin address rewriting attacks? Let us know what you think about this subject in the comments section below.

Jamie Redman

Jamie Redman is the News Lead at News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for News about the disruptive protocols emerging today.

Image Credits: Shutterstock, Pixabay, Wiki Commons,,

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Read disclaimer
Show comments