Damus
shortwavesurfer2009
@shortwavesurfer2009
Oh fun. Some researchers found a way to exploit the Tor onion proof of work system. It's supposed to keep an adversary from doing a denial of service attack on the server by exhausting all of its resources, and for that job it does work.

However, it introduces another denial of service attack where the attacker doesn't actually overwhelm the server with data, but it just tricks the server into thinking it's being overwhelmed and causes the difficulty to rise to the maximum possible value and keep most clients from being able to connect.

The researchers created their own algorithm that exponentially increased the amount that it would cost to perform the attack from a trivial low amount to something like 1.06 Monero per hour per onion service.

So a website with a single address would cost 1.06 XMR per hour to attack, which is still pretty low, but a website with 30 addresses would take 1.06*30 = 31.8 XMR/hr to attack.

Spinning up a bunch of addresses is not a particularly hard thing to do, so that's one mitigation, and it would keep anybody with extremely limited resources from being able to pull off that attack.

In the example above, 31.8 Monero per hour to attack the service is a pretty steep cost.

https://www.youtube.com/watch?v=clPuPukCIms

#Tor