Attack on Tor Causes “v3 Onion” Downtime, Experimental Fix to Land Soon

  • The Tor network is going through downtimes, possibly due to uncontrolled DDoS between darknet markets.
  • V3 onion sites are down due to a bug that doesn’t preserve the “live” status of the consensus.
  • A large number of websites have been affected, some staying offline for up to 12 hours.

A coordinated attack against the Tor network that has been going on since January 6, 2021, caused all v3 onion domains to go offline for 12 hours yesterday. Some services launched temporary v2 onion domains to get back online while the Tor Project team worked on a fix, even a temporary one. The team has now announced an experimental patch that must be applied on both the client and the service side to work.

The reason v3 onion domains were affected by the attack while previous versions weren’t is that the latest version has a bug in the service implementation that causes the “live” state of the consensus to be dropped even if the consensus is still valid. Given enough time (a couple of hours) and rounds, the consensus enters a status that is no longer considered “live,” so services don’t publish descriptors, and clients don’t fetch them.
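For operators who want to watch for this condition, the following added example (not Tor's code and not part of the original article) classifies a consensus by the validity timestamps in its header. The sample header is constructed, the field names follow the Tor directory specification, and the state labels are this example's own.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample header; field names follow the Tor directory specification.
SAMPLE_HEADER = """\
network-status-version 3
vote-status consensus
valid-after 2021-01-10 12:00:00
fresh-until 2021-01-10 13:00:00
valid-until 2021-01-10 15:00:00
"""
FIELDS = ("valid-after", "fresh-until", "valid-until")

def parse_validity(header):
    """Extract the three validity timestamps (UTC) from a consensus header."""
    times = {}
    for line in header.splitlines():
        key, _, value = line.partition(" ")
        if key in FIELDS:
            stamp = datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
            times[key] = stamp.replace(tzinfo=timezone.utc)
    missing = [f for f in FIELDS if f not in times]
    if missing:
        raise ValueError("consensus header lacks: " + ", ".join(missing))
    return times

def classify(header, now):
    """Return (state, time left before the consensus stops being live)."""
    t = parse_validity(header)
    left = max(t["valid-until"] - now, timedelta(0))
    if now < t["valid-after"]:
        return "not-yet-valid", left
    if now <= t["fresh-until"]:
        return "fresh", left
    if now <= t["valid-until"]:
        return "stale-but-live", left
    return "expired", left

if __name__ == "__main__":
    # Simulate a client that never receives a newer consensus.
    start = datetime(2021, 1, 10, 12, 0, tzinfo=timezone.utc)
    for hours in range(5):
        state, left = classify(SAMPLE_HEADER, start + timedelta(hours=hours))
        print(f"+{hours}h: {state:15s} live for another {left}")
```

Alerting when the remaining time falls below one consensus interval gives warning before services stop publishing descriptors.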

Testing of the “Alpha” version of Tor is currently underway, and if you want to fiddle with it, you may build the source from this Git repository. Attacks on Tor that expose previously undiscovered or simply unaddressed bugs aren’t something new, but seeing the community respond with fervency is very important.

Naturally, the downtimes have affected a large number of onion websites, including Bitcoin services like Wasabi and Bisq. According to researchers who monitor the dark web, there has been some activity lately involving Denial of Service attacks between dark web markets. Apparently, these attacks quickly escalated to the point of overwhelming the hidden service directory (HSDir) nodes of the Tor network, resulting in an inability to connect to v3 onion sites.

Cryptocurrency holders who attempted to access their assets and wallets and experienced delays or connection failures naturally panicked, as they feared the worst. Bisq urged the community not to open disputes, assuring them that the situation poses no threat to their assets.

Similarly, Wasabi quickly resorted to routing the traffic to v2 and v1 onion sites and the clearnet backend endpoint that is still accessed over Tor. Of course, interruptions will continue, but the platform assured users that there’s nothing to worry about.
