First up, the ‘Multiply Bitcoin’ scam, which he admits he stole from another scammer:

Nothing so far is worth much effort to make this clear. The best [scam] clearly was the “Multiply BTC” thing, I have/had 3 different of these sites and several onions for them. One which claims to pay out x10 which is interestingly usually the one which gets amounts like 0.1/0.2, and one that claims to be x100 which usually gets the lowest allowed amount of 0.01. But this is pretty much dead, people started to realize that this is barely possible and about 2–10 of those sites appear per day so good luck getting traffic now. Anyway I am glad this is over, as this was stupid as fuck. I mean an “exploit in the blockchain” which gives back x100? Seriously?

It appears he also runs a legitimate Bitcoin tumbler plus ‘some proxied ones’, so he is likely ripping off various legitimate tumblers out there. That is bad news for small-scale tumblers that don’t have established points of reference such as clearnet gateways or links from trusted review sites.

I have a Bitcoin tumbler plus some proxied ones. The Tumbler gives a nice little amount every once in a while, but pretty rarely. You can't edit the uncensored hidden wikis fast enough if you also have a normal job, they will always undo your links, or at least your [verified] tags.

This of course cements my opinion that these hidden wikis have become a liability and need to be replaced by better indexing services.

Next let’s look into his server setup:

[Tor] relays are ok with most hosters and everything critical is encrypted anyway. My relays are on fast VPS or small dedicated servers spread around some nice datacenters.

This seems to tally with nachash’s guide ‘So, you want to be darknet Drug Lord…’, which I have recently wikified for people’s convenience.

Finally, let’s look into what is potentially his most prolific scam, proxying onion sites to ‘collect user data while replacing BTC addresses transparently’:

I have no name for [the scam type] actually, I just wrote the software after I had the idea randomly, pretty sure there should be one for this kind of attack. Also I don't think it is too similar to onion cloner, I don't clone, I proxy. The client connects to me and I connect to the actual service. In the nature of Tor the service itself can barely see any difference and therefore is helpless, except someone notices the weakness (which I wonder anyway why people did not protect in first place). The server only holds the data in RAM for a short time to manipulate the requests and responses.

As I already knew, .onion addresses are incredibly vulnerable to impersonation because of the lack of a widespread or standard authentication mechanism. But will HTTPS-signed onion addresses mitigate this?

It does not work with HTTPS currently, but it easily could as long as we talk about normal certificates that nobody really checks. I am a different host, so I could just ship my own certs.

So that’s Tor hidden service authentication still in jeopardy for the foreseeable.
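From the operator's side, the address swap he describes can be caught by fetching your own pages through a suspect mirror and comparing the payment addresses with what the origin actually served. The sketch below is an added example, not code from the AMA or from this post; it assumes legacy Base58Check addresses (starting with 1 or 3), and the function names and sample HTML are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, hash160: bytes) -> str:
    """Build a legacy address string; used here only to make constructed test data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(text: str) -> bool:
    """Base58Check validation, so random base58-looking strings are not reported."""
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    if n >= 1 << 200:  # does not fit the 25-byte legacy layout
        return False
    raw = n.to_bytes(25, "big")
    return _checksum(raw[:-4]) == raw[-4:]

def addresses(html: str) -> set:
    return {m for m in CANDIDATE.findall(html) if is_valid_address(m)}

def substituted(origin_html: str, observed_html: str) -> dict:
    """Addresses the origin never served, and origin addresses that went missing."""
    ours, seen = addresses(origin_html), addresses(observed_html)
    return {"injected": sorted(seen - ours), "missing": sorted(ours - seen)}

# Constructed sample data: two made-up hash160 values, not real wallets.
OURS = b58check_encode(0x00, bytes(range(1, 21)))
OTHER = b58check_encode(0x00, bytes(range(21, 41)))
ORIGIN = f"<p>Send payment to <code>{OURS}</code></p>"
OBSERVED = f"<p>Send payment to <code>{OTHER}</code></p>"

if __name__ == "__main__":
    print(substituted(ORIGIN, OBSERVED))
```

A non-empty `injected` list means the copy reached through that address is not what the origin rendered, which is the signal to warn users and publish the correct address out of band.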

You can read the full AMA here.