The bug that took down specific Tor sites didn’t affect one privacy wallet that relies on its services. How is that possible?
All new Onion addresses on the anonymous browser network, Tor, went offline recently after a bug has been spotted in the system. Signs have pointed to a DDoS attack, and the disruption made some users of Bitcoin privacy wallet Wasabi suffer connectivity issues.
“It seems that someone made their own Tor implementation that fetches directory info in a very rude way”… a custom DDoS tool?” said Roger Dingledine yesterday, a reporter from Tor. And then, the system overload exposed a bug that made the network offline.
Black marketplaces like White House Market and ASEAN Market, 8chan, and Julian Assange’s Wikileaks were among dozens of popular sites taken down by the bug.
Wasabi, which filters its traffic through Tor, stated today in a blog post that most of its users have experienced connection issues as an effect. In total, though, Wasabi managed to withstand the attack automatically, even though it uses modern v3 addresses that brought other sites offline.
Wasabi Wallet goes through Tor to encrypt transactions. It connects users to different Bitcoin p2p nodes, using Tor to obscure transactions so that it is impossible to work out how funds flow through blockchains.
Wasabi wasn’t affected by the bug, for it has a fallback system connected with the regular internet through Tor.
More imminent attacks on the way
Denial of service attacks is on the rise. An August 2020 report from Kaspersky, a cybersecurity company, said that DDoS attacks increased three-fold in the second quarter of 2020 compared to the same period in 2019.
Kim Crawley, a cybersecurity expert and author of The Pentester Blueprint, stated that Tor sites are vulnerable because they “cannot use services like Cloudflare to mitigate DDoS attacks.”