The Hidden Wiki discussion page has the most comprehensive explanation of the attack that I've found. The only part I don't agree with, simply because there is no evidence, is the claim that the FH admin was identified through bitcoin cashing out. It is factually incorrect that Onion Bank was started months ago. It was started like 10 days before the bust. However, the FH admin may have been accepting private bitcoin donations, particularly from the CP site operators and users. After all, someone was paying the bills to keep the site running. It's possible that the FBI made a donation and tracked the payment, and if the FH admin didn't take proper precautions in cashing out, he was identified that way. All this will come out in the discovery during his court case.

I do agree that the compromise of Tormail accounts could be very bad for some members of our community, especially if they didn't encrypt their emails and routinely delete read emails from the server.

Here's the Hidden Wiki discussion of the attack.

1. It runs only if JavaScript was enabled and affects Firefox 17 on Windows. The exploit used (MFSA 2013-53) was fixed in Firefox 17.0.7, which is the one used in the latest Tor Browser Bundle, and relies on Windows libraries to execute its payload. If you were using an outdated Tor Browser on Windows and you had JavaScript enabled (it is by default) then you have definitely been compromised. If you were using Tor on any other OS, had disabled JavaScript, or had the latest version of the Tor Browser Bundle (Torbrowser - Help - About shows the version, which must be 17.0.7 or higher) then you are safe and your public IP has not been transmitted anywhere.

2. The exploit has only been online since after the servers came back on August 3rd, 2013.

Now read on for the details...

By default, the Tor Browser comes with NoScript set to "Allow All Javascript Globally", meaning that JavaScript is enabled by default. They do this to make it convenient for users, which is why it's the default setting even though it's not safe.

3. If you were running an exploitable version of the Tor Browser on Windows and didn't either manually set NoScript to "Forbid Javascript Globally" or disable JavaScript entirely via the Firefox settings, then you are absolutely 100% busted. But if you had disabled JavaScript like smart people kept telling you, using either of the two methods mentioned, then the code never executed and you are safe.

4. The FreedomHosting compromise consisted of a small, non-existent image tag injected into all Freedom Hosting sites, and this tag contained an event attribute. The fact that the image was missing meant that the "onerror" code ran and retrieved the rest of the code from another Onion site. They did it this way via a small, hidden image to avoid drawing attention to any obvious