German news outlet Tagesschau reports that local law enforcement agencies have successfully targeted, tracked, and arrested four suspects in a single investigation. The outlaws used Tor to hide their identities and activities in managing a ransomware operation and hosting child sex abuse material (CSAM) on their servers.
Tor itself was not breached. Rather, the suspects were using an outdated, long-retired app that did not employ some of the protections that are now available, and this, in turn, allowed investigators to carry out the attack.