How a DDoS attack brought the dark-net to a halt


For the past couple of days, many dark-net markets failed to work properly. At some points, only a couple of markets remained online. To some, this did not look abnormal, as DDoS attacks are not uncommon on the dark-net. In reality, this attack was on a much larger scale and unlike anything seen before. The downtime was caused by an attack on Tor's authority nodes, which caused the entire V3 network to go offline.

First sight of the attack

Coincidentally, the attack on the Tor network started right after Hugbunter, the founder of Dread, made a post about DDoS attacks. Hugbunter stated the consequences for market owners that set up attacks against their competition. He also mentioned that he knows a couple of names of markets that purchased attacks against competitors last week. Less than an hour after this post, the attack seemingly began.

How could this happen?

The Tor network consists of many nodes. These nodes are used as entry, pass-through and exit points. When first connecting to the Tor network, your connection gets bootstrapped to some hard-coded IPs. These IPs are used to connect to authority nodes and request the consensus. The consensus contains all types of information about the network. This includes good and bad relays, guards, exit nodes and bandwidth. Every hour, authority nodes vote to create the consensus. If the vote fails 3 times in a row, no consensus is generated. This is exactly what happened after all the Tor authority nodes were attacked. Since V3 directory variables are also stored in the consensus, this causes the entire V3 network to go offline.

A solution to this problem has already been found by many users, but it is not official. Setting the clock on the client side 3 hours ahead reportedly solves the problem with V3 onions not loading. This works because the time on the client then falls outside the period of time that had to elapse to resume the connection. A more official solution is expected to come out in the form of a client update.
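The hourly vote and its three-round limit described above can be watched from the defender's side by reading the lifetime fields in a consensus header. This is an added example, not code from the Tor Project or the original article: the sample header and its dates are constructed, `consensus_state` is a hypothetical helper name, and any client tolerance beyond `valid-until` is ignored.

```python
from datetime import datetime, timezone

# Constructed sample: lifetime lines from a v3 consensus header.
SAMPLE_HEADER = """\
network-status-version 3
vote-status consensus
valid-after 2021-01-10 12:00:00
fresh-until 2021-01-10 13:00:00
valid-until 2021-01-10 15:00:00
"""

FIELDS = ("valid-after", "fresh-until", "valid-until")


def parse_lifetime(header):
    """Return the three lifetime timestamps (UTC) found in a consensus header."""
    times = {}
    for line in header.splitlines():
        keyword, _, value = line.partition(" ")
        if keyword in FIELDS:
            stamp = datetime.strptime(value.strip(), "%Y-%m-%d %H:%M:%S")
            times[keyword] = stamp.replace(tzinfo=timezone.utc)
    missing = [f for f in FIELDS if f not in times]
    if missing:
        raise ValueError(f"consensus header lacks {missing}")
    return times


def consensus_state(header, now):
    """Classify the consensus at time `now` and count the voting rounds
    that should have replaced it but did not."""
    t = parse_lifetime(header)
    interval = t["fresh-until"] - t["valid-after"]  # one voting round
    if interval.total_seconds() <= 0:
        raise ValueError("fresh-until must be later than valid-after")
    if now < t["valid-after"]:
        return "not-yet-valid", 0
    missed = (now - t["valid-after"]) // interval  # whole rounds elapsed
    if now < t["fresh-until"]:
        return "fresh", missed
    if now < t["valid-until"]:
        return "stale", missed   # still usable, but a vote has failed
    return "expired", missed     # no valid consensus remains


if __name__ == "__main__":
    probe = datetime(2021, 1, 10, 15, 0, tzinfo=timezone.utc)
    print(consensus_state(SAMPLE_HEADER, probe))
```

A monitor that alerts on the first `stale` result gives operators of onion services roughly two voting rounds of warning before the consensus expires.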

The effect of the attack

The fall of Tor's V3 network has affected millions. The dark-net industry came to a halt, as did many other legal services that rely on the Tor network. A few cryptocurrency wallets, including Wasabi, reported downtime because of the attacks. Despite the custom fix reported by users, many dark-net services remain offline at this time.

Did this affect bitcoin?

Coincidentally, a few hours after the attacks started, bitcoin dropped by over 15%. Some claim that bitcoin crashed because of the dark-net's downtime. This could be true, as bitcoin holds a big share of the dark-net, but not entirely. Tor's downtime is what affected bitcoin the most. Bitcoin Core 0.21 is expected to support the Tor V3 network. Bitcoin nodes can be set up to directly connect to the V3 network. This latest flaw could have affected bitcoin's privacy and reliability. Despite that, it is still unclear if there is a direct link between the latest bitcoin crash and Tor's downtime.