Skip to main content

Mysterious entity may be collecting BTC users' IP addresses — Bitcoin developer

The entity reportedly uses a range of 812 different IP addresses to obscure its identity while collecting data.

An unknown person or group may be collecting the IP addresses of Bitcoin (BTC) users and linking them to their BTC addresses, violating the privacy of these users, according to a blog post from pseudonymous Bitcoin app developer 0xB10C. The entity has been active since March 2018, and its IP addresses have shown up on several public posts from Bitcoin node operators over the past several years.

0xB10C is the developer of several Bitcoin analytics websites, including Mempool.observer and Transactionfee.info. They have also been awarded a Bitcoin developer grant from Brink.dev in the past.

0xB10C calls the entity “LinkingLion” because the IP addresses associated with it pass through LionLink network's colocation data center. However, ARIN and RIPE registry information reveal that this company is probably not the originator of the messages, according to 0xB10C.

The entity uses a range of 812 different IP addresses to open connections with Bitcoin full nodes that are visible on the network (also called “listening nodes”). Once it opens a connection, the entity asks the node which version of the Bitcoin software it is using. However, when the node responds with a version number and message stating that it has understood the request, the entity closes its connection about 85% of the time without responding.

According to the post, this behavior may indicate that the entity is trying to determine if a particular node can be reached at a particular IP address.

While this behavior isn’t necessarily a cause for concern, it’s what the entity does the other 15% of the time that may be a concern. 0xB10C stated that about 15% of the time, LinkingLion doesn’t close the connection immediately. Instead, they either listen for inventory messages that contain transactions or send a request for an address and listen for both inventory and address messages. They then close the connection within 10 minutes.

This behavior would normally indicate that the user is a node trying to update its copy of the blockchain. However, LinkingLion never requests blocks or transactions, which implies that they must be pursuing some other purpose, the post said.

Related: Zero-knowledge proofs are coming to Bitcoin

0xB10C stated that LinkingLion might be recording the timing of transactions to determine which node first received a transaction, which can then be used to determine the IP address associated with a particular Bitcoin address, as they explained:

Connections that complete the version handshake and stay connected learn about our node’s inventory, like transactions and blocks. The timing information, i.e., when a node announces its new inventory, is especially relevant. The entity is likely to first learns about our new wallet transaction from us. As the entity is connected to many listening nodes, it can use that information to link broadcast transactions to IP addresses.

To help protect the community from this privacy threat, 0xB10C has produced an open-source ban list that nodes can implement to ban LinkingLion from connecting to them. However, he also warned that the entity could get around this ban list by changing the IP addresses it uses to connect. In 0xB10C’s view, the only permanent solution to the problem is to change the transaction logic within Bitcoin Core, which developers have so far been unable to do.

The vulnerability exposed in the post seems to primarily affect users running their own Bitcoin nodes. 0xB10C did not say whether it also affects ordinary users relying on Electrum or other Bitcoin wallets that connect to third-party nodes, nor did they say whether users can defend against the attack using a virtual private network. Cointelegraph has reached out to 0xB10C on LinkedIn to get answers to these questions but was unable to reach them by the time of publication.

Privacy has been a continuing concern for Bitcoin and crypto users over the years. Although Bitcoin addresses are pseudonymous, their transaction histories are entirely public. Bitcoin educator Andreas Antonopoulos has argued that Bitcoin will never be truly private. But Breeze Wallet has attempted to improve privacy on the network by utilizing offchain transactions and cryptographic puzzles.



from https://ift.tt/uhODt9P
https://ift.tt/Ypo3CXM
Labels:

Comments

Post a Comment

Any questions, Please.

Popular posts from this blog

Five Bitcoin Price Charts Analyzing The Dramatic Q1 2022 Conclusion

There are only hours remaining until the Q1 2022 close in Bitcoin price action. With the important quarterly candle set to close tonight, let’s look at what technicals might say about the direction of the next quarter. Q1 2022 Comes To A Close For Bitcoin The first quarter of a year, often sets the tone for the year to come. In investments, a poor Q1 performance is indicative of a bad year ahead. Considering the fact that Bitcoin price is now above $45,000 after touching $32,000 this quarter, it is tough to say the performance has been “poor” by anything other than crypto standards. Related Reading | Bitcoin Weekly Momentum Flips Bullish For First Time In 2022 The cryptocurrency has recovered nearly 40% from the low, leaving a long wick behind. Such a long wick suggests that before the quarter came to a close, buyers stepped up in a major way. Buyers were able to step up in a larger capacity in Q1 2022 than bears were able to in the final quarter of last year. The bearish wick to cl...
Post a Comment
Read more

FTX hacker reportedly transfers a portion of stolen funds to OKX after using Bitcoin mixer

On-chain activity suggests that the hacker has sent at least 225 BTC (4.5 million) to OKX so far. Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money.  A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far.  1/ Myself and @bax1337 spent this past weekend looking into the FTX attacker’s deposits to ChipMixer. It appears they’ve likely been transferring a portion of the stolen FTX funds to OKX after withdrawing from CM So far we’ve accounted for at least $4.1m (255 BTC) sent to OKX pic.twitter.com/C46JZWtktn — ZachXBT (@zachxbt) November 29, 2022 According to ZachXBT, the FTX h...
Post a Comment
Read more

2 metrics signal the $1T crypto market cap support likely won’t hold

Despite the 8.5% weekly rally in cryptocurrencies, the lack of stablecoin premiums in Asia and futures markets activity shows buyers’ lack of confidence. Cryptocurrencies broke the $1 trillion market capitalization resistance on Oct. 26, which had been holding strong for the previous 41 days. Despite Bitcoin’s ( BTC ) modest 5.5% weekly gains, the aggregate value of 20,000 listed tokens increased by 8.5% between Oct. 24 and 31. Total crypto market cap, USD (in billions). Source: TradingView The cryptocurrency market was positively impacted by a 6.3% weekly rally in the Russell 2000 mid-capitalization stock market index. Some encouraging news accompanied the positive tailwinds from traditional markets. For instance,  55,000 BTC was withdrawn from Binance on Oct. 26, a record high. Typically, analysts consider the reduced number of coins deposited on exchanges a bullish indicator, as the immediate selling pressure eases. Moreover, exchange and wallet provider Blockchain.com ...
Post a Comment
Read more