23% of Tor browser relays found to be stealing Bitcoin


The threat actor was also able to see users' data transmitted through the Tor browser in unencrypted form and tamper with it for their own ends.


For users seriously concerned about government surveillance and privacy in general, the Tor browser offers a suitable escape by anonymizing their internet activity. However, like any piece of technology, it comes with its flaws.


One of these stems from how the Tor network hides the real source of traffic: every communication passes through 3 different nodes, or relays. The last of these is the exit relay, which gets to see where the data is actually being sent. So what happens when this exit relay is malicious?




This is exactly what was reported recently by a researcher going by the online handle "nusenu", who found that a single threat actor controlled up to 24% of the exit relays on the Tor network up to May 2020, which placed an enormous amount of power in one actor's hands.



This allowed the threat actor to see users' transmitted data in unencrypted form and therefore tamper with it for their own ends. One way they did so was by replacing users' original Bitcoin addresses with their own in order to steal the coins being transferred.
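
A swap like the one described above can be detected by comparing a copy of a page obtained over a trusted path with the copy received through an exit relay, and flagging any checksum-valid Bitcoin address that appears in only one of them. The following Python is an added example, not code from nusenu's report or from this article; the function names and sample page bodies are constructed for illustration, and only legacy Base58Check addresses are handled.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy Base58Check addresses; bech32 ("bc1...") is out of scope here.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def encode_address(version: int, hash160: bytes) -> str:
    """Base58Check-encode a 20-byte hash (used here only to build sample data)."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid_address(text: str) -> bool:
    """True if text decodes to 25 bytes whose last 4 are the double-SHA256 checksum."""
    try:
        n = 0
        for ch in text:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    ones = len(text) - len(text.lstrip("1"))
    return zeros == ones and _checksum(raw[:21]) == raw[21:]

def addresses(body: str) -> set[str]:
    return {m for m in CANDIDATE.findall(body) if is_valid_address(m)}

def diff_addresses(reference: str, observed: str) -> tuple[list[str], list[str]]:
    """Return (addresses only in observed, addresses missing from observed)."""
    ref, obs = addresses(reference), addresses(observed)
    return sorted(obs - ref), sorted(ref - obs)

# Constructed sample data: the hash160 values are arbitrary bytes, not real wallets.
PUBLISHED = encode_address(0x00, bytes(range(1, 21)))
SWAPPED = encode_address(0x00, bytes(range(21, 41)))
REFERENCE = f"<p>Send payment to {PUBLISHED}</p>"      # copy from a trusted path
OBSERVED = REFERENCE.replace(PUBLISHED, SWAPPED)       # copy seen after a relay

if __name__ == "__main__":
    injected, missing = diff_addresses(REFERENCE, OBSERVED)
    print("injected:", injected, "missing:", missing)
```

The checksum test keeps order numbers and other look-alike strings out of the comparison, so a non-empty result means a real address changed between the two copies.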