The estimate was made by Roger Dingledine, leader of the Tor Project, in a post on the Tor-relays mailing lists.
When the existence of the bug was first made public, the Tor team noted that "Tor relays and bridges could maybe be made to leak their medium-term onion keys or their long-term relay identity keys," and those who operate them were advised to update their OpenSSL package, discard all the files in keys/ in their DataDirectory, and restart Tor to generate new keys.
Some of them did, and others still haven't, and the latter are getting rejected for the time being.
"Switching to a new relay identity key means that the relay is seen as new to the authorities again: they will lose their Guard status and bandwidth measurement," Tor support coordinator and developer Lunar noted on Wednesday. "It seems that a number of operators followed the advice, as the network lost around 1 Gbit/s of advertised capacity between April 7th and April 10th."
"On April 8th, [community member] grarpamp observed that more than 3000 relays had been restarted hopefully to use the fixed version of OpenSSL. It is unknown how many of those relays have switched to a new key since. [Tor developer] Andrea Shepard has been working on a survey to identify them," he shared.
"What is known though are relays that are unfortunately still vulnerable. [Developer and maintainer of Tor Cloud] Sina Rabbani has set up a visible list for guards and exits. To protect Tor users, directory authority operators have started to reject descriptors for vulnerable relays."
Dingledine has attached to his post a list of relay identity fingerprints he is
rejecting on the moria1 main node, and has said he and others should expand the list as they discover other relays that come online with vulnerable OpenSSL versions.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.