Quote from: Shannon on July 08, 2012, 08:37 pmvlad1m1r i see the most likely route of attack as pwning the server (easy work if you have the right people) then stealing the database with unencrypted addresses, harvesting addresses as orders are made, or possibly stealing the .onion private keys and setting up their own honeypot silkroadvb5piz3r.onion. the way hidden services work is that the service that announces latest wins the netsplit, so it's easy for an attacker who owns the .onion keys to significantly disrupt the real site's operations or to masquerade as the real site for a majority of any time periodadmin if you're reading this good job on using persistent guard nodes in your config, if i was a fed and if you didn't have that flag on your ass would be grass :)I see, scary stuff! I imagine we can mitigate the risk at present by using GPG to encrypt all addresses - let's also hope this forum isn't located on the same server too!If this happened I imagine DPR would be obliged to set up an entirely new hidden service - though I suppose there might be some difficulty convincing others to switch from the former site? V.