Well regardless of where it is they can trace it up to its entry guards, even if the entry guards are in China or Russia. (citation: http://freehaven.net/anonbib/cache/hs-attack06.pdf) If they can trace it directly to its IP address depends on if they can compromise one of the entry guards or not. If the entry guards are in the USA they can do this with a trap and trace / pen register order as authorized by CALEA. This part of the process could probably be done in under 24 hours if the entry guards are in USA (citations: https://en.wikipedia.or/wiki/Communications_Assistance_for_Law_Enforcement_Act , https://en.wikipedia.org/wiki/Trap_and_trace_device https://en.wikipedia.org/wiki/Pen_register) If the entry guards are not in USA they will probably use a mutual legal assistance request (citation: https://en.wikipedia.org/wiki/Mutual_legal_assistance_treaty) through one of their political channels to request the cooperation of the overseas ISP. How long it takes the foreign nation to comply with the MLA depends largely on the particular nation. Some cooperate slowly, some cooperate very quickly. At this point they will be able to get the hidden services IP address from passive monitoring of the entry guard. There are other things they could try as well, but they are more grey area / illegal, so I think they will just go with a MLAT if the entry guards are overseas. The entire process will likely take no more than a month even if the entry guards are all overseas. Chances are they are either in USA or a European country with fast MLAT compliance though, unless SR specifically set the entry guards himself instead of letting Tor pick them for him (Tor is blind to the legal system of a country, and also blind to how much that country cooperates with USA, and the majority of Tor nodes are in USA and USA friendly European countries). After tracing the server they will almost certainly leave it up since they can then observe traffic arriving to it. That means that every person who connects to SR with a fed owned entry guard will be deanonymized (citation: http://freehaven.net/anonbib/cache/dsn-09-jing.pdf) . How much damage they will be able to do immediately, and over time, will depend on how many Tor nodes with entry guard flag they have. There are ~900 entry guards (citation: https://metrics.torproject.org/network.html) total and you select three at a time, the three you select change about once a month. Someone else can do the math . If you don't frequently change the physical location of your hidden service it is only a matter of time until a moderate level attacker (able to afford flooding two dozen or so nodes into the Tor network....assuming VPS cost <$100 a month this shouldn't cost more than about $4,800, giving the attacker two months to slowly add the nodes to the network so they don't get removed after triggering the 'node flooding attack' detection algorithms that the Tor directory authority servers use to prevent people with botnets from adding a thousand nodes to Tor all at once....) finds its entry guards. If the attacker can get past the entry guards or not is a different story, but a federal law enforcement agency is pretty much certainly able to do so in the vast majority of cases (I think that 187 different countries have mutual legal assistance agreements with the USA, and the ones that do not probably don't have much internet infrastructure lol).