Mysterious Device Can Collect BTC Users’ IP Addresses – Bitcoin Developer

An unknown person or group may be collecting the IP addresses of Bitcoin (BTC) users and linking them to their BTC addresses, violating the privacy of those users, according to a blog post by pseudonymous Bitcoin app developer 0xB10C. The device has been active since March 2018, and its IP addresses have appeared in several public posts by Bitcoin node operators in recent years.

0xB10C is the developer of several Bitcoin analysis sites, including Mempool.observer and Transactionfee.info. They have also been awarded a Bitcoin developer grant from Brink.dev in the past.

0xB10C calls the device “LinkingLion” because the IP addresses associated with it go through the LionLink network’s colocation data center. However, ARIN and RIPE registry information reveals that this company is likely not the originator of the messages, according to 0xB10C.

The device uses a range of 812 different IP addresses to open connections with Bitcoin full nodes visible on the network (also called “listening nodes”). When it opens a connection, the device asks the node what version of the Bitcoin software it is using. But when the node responds with a version number and message saying it understood the request, the device closes its connection about 85% of the time without responding.

According to the post, this behavior may indicate that the device is trying to determine if a particular node can be reached at a particular IP address.

While this behavior isn’t necessarily a cause for concern, what the device does the other 15% of the time could be. 0xB10C stated that about 15% of the time LinkingLion does not close the connection immediately. Instead, it either listens for inventory messages containing transactions or sends a request for an address and listens for both inventory and address messages. It then closes the connection within 10 minutes.

This behavior would normally indicate a node trying to update its copy of the blockchain. However, LinkingLion never asks for blocks or transactions, which implies that it must have another purpose, the post says.
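The two connection patterns described above can be checked against a node's own inbound connection records. The following Python code is an added example, not code from 0xB10C's post or from Bitcoin Core; the record format (`ip`, `peer_sent`, `duration`), the `min_conns` threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Messages a peer sends when it actually wants blocks or transactions.
FETCH_MSGS = {"getdata", "getheaders", "getblocks"}
MAX_LISTEN_SECS = 600  # article: such connections close within 10 minutes

def classify(conn):
    """Label one inbound connection by what the remote peer sent us."""
    sent = conn["peer_sent"]
    if "version" not in sent:
        return "other"
    if "verack" not in sent:
        return "probe"      # took our version/verack, closed without replying
    if FETCH_MSGS.isdisjoint(sent) and conn["duration"] <= MAX_LISTEN_SECS:
        return "listener"   # handshake done, but never requested any data
    return "normal"

def suspicious_sources(conns, min_conns=3):
    """Source IPs with >= min_conns connections, all probes or listeners."""
    by_ip = defaultdict(list)
    for c in conns:
        by_ip[c["ip"]].append(classify(c))
    return sorted(ip for ip, labels in by_ip.items()
                  if len(labels) >= min_conns
                  and all(l in ("probe", "listener") for l in labels))

# Constructed sample records (documentation-range addresses, assumed format).
SAMPLE = [
    {"ip": "192.0.2.10", "peer_sent": ["version"], "duration": 1},
    {"ip": "192.0.2.10", "peer_sent": ["version"], "duration": 2},
    {"ip": "192.0.2.10", "peer_sent": ["version", "verack", "getaddr"],
     "duration": 540},
    {"ip": "198.51.100.7", "duration": 7200,
     "peer_sent": ["version", "verack", "getheaders", "getdata"]},
    {"ip": "198.51.100.7", "duration": 3600,
     "peer_sent": ["version", "verack", "getheaders", "getdata"]},
    {"ip": "198.51.100.7", "peer_sent": ["version", "verack", "ping"],
     "duration": 30},
    {"ip": "203.0.113.5", "peer_sent": ["version"], "duration": 1},
]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```

A single short-lived honest peer can also look like a listener, which is why the check aggregates per source address and requires every connection from it to match.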


0xB10C stated that LinkingLion can record the timing of transactions to determine which node first received a transaction, which can then be used to determine the IP address associated with a particular Bitcoin address, as they explained:

“Connections that complete the version handshake and stay connected learn about the node’s holdings, such as transactions and blocks. The time information, i.e. when a node announces its new inventory, is particularly relevant. The device will probably first learn about our new wallet transaction from us. Since the device is connected to many listening nodes, it can use this information to link broadcast transactions to IP addresses.”

To protect the community from this privacy threat, 0xB10C has created an open source banlist that nodes can implement to ban LinkingLion from connecting to them. However, they also warned that the device could get around this banlist by changing the IP addresses it uses to connect. In 0xB10C’s view, the only permanent solution to the problem is to change the transaction logic in Bitcoin Core, which the developers have so far failed to do.

The vulnerability disclosed in the post appears to primarily affect users running their own Bitcoin nodes. 0xB10C did not say whether it also affects regular users who rely on Electrum or other Bitcoin wallets that connect to third-party nodes, nor did they say whether users can defend against the attack by using a virtual private network. Cointelegraph has reached out to 0xB10C on LinkedIn for answers to these questions, but was unable to reach them at the time of publication.

Privacy has been an ongoing concern for Bitcoin and crypto users over the years. Although Bitcoin addresses are pseudonymous, their transaction histories are completely public. Bitcoin educator Andreas Antonopoulos has argued that Bitcoin will never be truly private. But Breeze Wallet has tried to improve privacy on the network by using offchain transactions and cryptographic puzzles.
