Share this article
Tor Network Compromised by Single Hacker Stealing Users' Bitcoin: Report
The unknown hacker is using Tor exit relays to remove encryption on bitcoin mixer services and change wallet addresses from users to their own.
By Paddy Baker
Updated Sep 14, 2021, 9:42 a.m. Published Aug 12, 2020, 5:50 p.m.
A single malicious entity controls nearly a quarter of all nodes used on the anonymous internet provider Tor Network and is using its position to steal bitcoin and other cryptocurrencies.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
- A cybersecurity analyst, using the pseudonym "nusenu," said in a report this week a hacker now controls approximately 23% of the Tor Network's exit relay capacity.
- The Tor Network provides anonymous internet access with voluntarily run relays that route traffic in order to obfuscate users' traceable and identifiable IP addresses.
- The exit relay is the final stage that connects users to their requested websites.
- Per the report, the hacker is using her/his position as a major exit relay host to stage sophisticated person-in-the-middle attacks, stripping websites of encryption and giving her/him full unrestricted access to traffic passing through her/his servers.
- The malicious agent primarily focused on bitcoin mixer services, replacing wallet addresses so the mixer returns "clean" funds to the hacker rather than the original user.
- A lack of enforcement on the Tor Network means the hacker has more than doubled her/his share of exit relays from under 10% last December, nusenu said.
- It's unclear how much cryptocurrency has been stolen and whether the malicious agent is engaged in other attacks.
- At least one bitcoin mixer service has added an additional security layer preventing hackers from removing their website's encryption.
- The identity of the hacker remains a mystery and it isn't clear if there's any added motivation is for the attack besides stealing cryptocurrencies.
See also: Binance Labs Leads $1M Seed Round in Crypto Tor Alternative HOPR
Mehr für Sie
Was Sie wissen sollten:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Mehr für Sie
Barclays Sees ‘Down-Year’ for Crypto in 2026 Without Big Catalysts
Spot trading volumes are cooling, and investor enthusiasm is fading amid a lack of structural growth drivers, analysts wrote in a new report.
Was Sie wissen sollten:
- Barclays forecasts lower crypto trading volumes in 2026, with no clear catalysts to revive market activity.
- Spot market slowdowns pose revenue challenges for retail-focused platforms like Coinbase and Robinhood, the bank said.
- Regulatory clarity, including pending market structure legislation, could shape long-term market growth despite near-term headwinds.
Top Stories
