- The Tor network is going through downtimes, possibly due to uncontrolled DDoS between darknet markets.
- V3 onion sites are down due to a bug that doesn’t preserve the “live” status of the consensus.
- A large number of websites have been affected, some staying offline for up to 12 hours.
A coordinated attack against the Tor network that has been going on since January 6, 2021, caused all v3 onion domains to go offline for 12 hours yesterday. Some services launched temporary v2 onion domains to return online, while the Tor Project team was occupied on the preparation of a fix, even a temporary one. They have now announced an experimental patch that needs to be applied to both the client and the service sides to work.
The explanation regarding why v3 onion domains were affected by the attack while previous versions weren’t is that the latest version has a bug in the service implementation, causing the dropping of the “live” state of the consensus even if it’s still valid. Given enough time (a couple of hours) and rounds, the consensus enters a status that is no longer considered “live,” so services don’t publish descriptors, and clients don’t fetch them.
The testing of the “Alpha” version of Tor (0.4.6.0) is currently underway, and if you want to fiddle with it, you may build the source from this Git repository. Attacks on Tor that expose the existence of previously undiscovered or simply unaddressed bugs aren’t something new, but seeing the community responding with fervency is very important.
Naturally, the downtimes have affected a large number of onion websites, including Bitcoin services like Wasabi and Bisq. According to researchers who monitor the dark web, there has been some activity lately involving Denial of Service attacks between dark web markets. Apparently, these attacks quickly escalated to overwhelming the (HSDir) nodes of the Tor network, resulting in an inability to connect to v3 onion sites.
Cryptocurrency holders who attempted to access their assets and wallets and experienced delays or connection failures naturally panicked, as they feared the worst. Bisq urged the community not to open disputes, assuring them that the situation poses no threat to their assets.
Similarly, Wasabi quickly resorted to routing the tracking to v2 and v1 onion sites and the clearnet backend endpoint that is still accessed over Tor. Of course, interruptions will continue, but the platform assured that there’s nothing to worry about.