A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks Group still controls 10% of all Tor exit nodes today August 10, 2020 https://www.zdnet.com/article/a-mys...-exit-nodes-to-perform-ssl-stripping-attacks/ How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
I have done some extensive study on this subject as well. All the information above is directed at Crypto because of the profit from theft. It can apply to other areas quite easily. As one that employs Crypto countermeasures personally, may I simply suggest two surefire ways to cover ALL transactions. Regarding mixers, there are some reliable organizations the are full onion. Using onion servers front to back (6 servers) there is NO exit into clearnet so no data can be "picked off". Next, equally impactful, use a hardware wallet where the BTC address is displayed on the device itself. In this way the transaction is SIGNED in a way that ONLY the address on the device will be able to receive the transfer of coins. Not rocket science, but using these two simple methods assures you will not fall prey!
Tor security advisory: exit relays running sslstrip in May and June 2020 August 14, 2020 https://blog.torproject.org/bad-exit-relays-may-june-2020
"Cryptocurrency users targeted by Tor network exit nodes... The threat actor still controls a fair number of Tor exit nodes... The threat actor, through its exit relays, performed an SSL stripping attack on traffic headed towards cryptocurrency websites, downgrading the encrypted HTTPS connection to plaintext HTTP... Once the scheme was discovered, the exit relays were removed. However it only took a couple of days before the researcher started observing new relays exhibiting the same malicious behavior. Despite being outed, the threat actor continues to add new malicious nodes and Nusenu estimates that between 4% and 6% of the Tor exit nodes are still under the control of the threat actor..." https://www.techradar.com/news/cryptocurrency-users-targeted-by-tor-network-exit-nodes
