This would only be effective against a pure amateur in the realm of network security. The TOR network can be "evil noded" but that is discussed on the better local bitcoin vendor sites before you even login if you are on a TOR node. If you document/pre-establish the cert fingerprint of the "official" site you are using, then its simple to confirm your connection is in fact MATCHED to that specific fingerprint. None of these MITM or adaptations of the same can produce the perfectly matched fingerprint. Many of these concerns would also be virtually removed if TOR users would chain a couple of VPN's before their circuit. For something as important as BitCoin anonymity such a move would be sort of a no brainer I would think. Maybe this is just my "bend" on thinking. The real amateur part comes in when a user sees his TOR IP is being banned and rather than proceeding with counter measures they impatiently just connect on their raw IP! Really, if you do that then you get what you get. These punk thieves most rely upon impatience.
The key point deserves reiteration: As Palancar notes, people using Bitcoin clients via Tor are safe as long as they resist the temptation to connect directly when Tor is cut off by jerks like these. Potential double correlation -- Bitcoin pseudonym to both Tor exits and ISP-assigned IP address -- is impossible unless users make that mistake. Also, the brute-force attack to cut off Bitcoin servers from Tor users -- which involves hitting every Bitcoin server with malformed messages from every Tor exit -- is easily side-stepped. Just route a free VPN service through Tor, and use ones Bitcoin client through the VPN. Another lesson here is that all transactions made with a particular Bitcoin client using a particular Tor instance can potentially be linked. That's why I recommend using multiple Whonix instances with Multibit clients for anonymizing Bitcoins through mixing services. For best security, each Whonix instance and its Multibit client should be used for just one transfer and then deleted: Import Whonix VMs, install Multibit, receive Bitcoins from mixing service, send Bitcoins to another mixing service, and then delete Whonix instance). This paper is here: Biryukov et al. (2014) Deanonymisation of clients in Bitcoin P2P network <http://arxiv.org/pdf/1405.7418v2.pdf> An important related paper is here: Biryukov and Pustogarov (2014) Bitcoin over Tor isn't a good idea <https://ia902205.us.archive.org/8/items/pdfy-GevHa7fIqhs6T7Tx/1410.6079v1.pdf>
