"Since January 2020, a threat actor has been inserting thousands of malicious servers into the Tor network to identify traffic heading to cryptocurrency mixing websites and perform an SSL stripping attack, which is when traffic is downgraded from an encrypted HTTPS connection to plaintext HTTP.
The belief is that the attacker has been downgrading traffic to HTTP in order to replace cryptocurrency addresses with their own and hijack transactions for their own profit." - https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year/
“One of the more comprehensive fixes we’re exploring from the user side is to disable plain HTTP in Tor Browser.” - https://blog.torproject.org/bad-exit-relays-may-june-2020
You must log in or # to comment.