Hackers find vulnerabilities through many methods. These include input exploitation, session hijacking, direct object references, and cross-site scripting. Most are found through open-source information or trial and error.
No, Tor is not a Honeypot. There are some sites and vendors that set up phishing traps. Tor is filled with illegal activities which are largely unregulated. This creates a greater opportunity for identity theft than browsing the regular internet.