The majority of Bitcoin users consider the virtual currency absolutely anonymous, but researchers at the University of Luxembourg have demonstrated that is it possible to de-anonymize clients in a Bitcoin P2P network.
In the paper written by Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov and titled “Deanonymisation of clients in Bitcoin P2P network“the experts explain how to exploit a built in flaw in the Bitcoin system to reveal the IP address, and the identity, of users that make a payment with the virtual currency.
A blog post by Mary-Ann Russon on the International Business Times reports that, as explained by researchers, a hacker could de-anonymize a Bitcoin user from its transactions through Tor for €1,500.
The attack consists in generating ‘malformed message’, faking that it had been sent by the user through the Bitcoin peer-to-peer network. These malformed messages cause the increase for the penalty score of the IP address, and if fake messages exceed 100, the IP could be banned for 24 hours. Sending fake messages it is possible even if they are sent from a Tor exit node.
“For example, say there are 1,008 Tor exit nodes. The hacker just needs to establish 1,008 connections and send a few megabytes of data to all connections from the Tor exit nodes to Bitcoin servers. Once the attacker knows what all the servers are and the bitcoin users have been banned from accessing these servers using Tor, they will then have to access the servers the normal way.” states Mary-Ann Russon in the post.
At this point, every time a user’s client makes a connection to the Bitcoin server, its address will be revealed.
“Once the hacker knows this address, he can trick the Bitcoin server into revealing the IP address of the user,” states the post.
The researchers in the paper described their technique with the following statements:
“The crucial idea of our attack is to identify each client by an octet of outgoing connections it establishes. This octet of Bitcoin peers [entry nodes] serves as a unique identifier of a client for thewhole duration of a user session and will differentiate even those users who share the same NAT IP address,” the authors stress.” in reported in the paper-“As soon as the attacker receives the transaction from just two to three entry nodes he can with very high probability link the transaction to a specific client.”
The researchers explained in the paper that the anonymity in the Bitcoin virtual currency scheme is weak. Many featured could be exploited to run a cyber attack on the crypto currency and reveal a user’s identity.
The usage of Tor could increase the level of anonymity, but anyway hacker can always track users from their Bitcoin payments.
“We demonstrate that the use of Tor does not rule out the attack as Tor connections can be prohibited for the entire network. It shows that the level of network anonymity provided by Bitcoin is quite low. Several features of the Bitcoin protocol makes the attack possible. In particular, we emphasize that the stable set of only eight entry nodes is too small, as the majority of these nodes’ connections can be captured by an attacker.” states the paper.
Another problem related to the anonymity of the Bitcoin is that the virtual currency lack of a robust authentication system, this makes easy for an attacker to cause nodes blacklisting the IP addresses of seemingly misbehaving connections.
“We figured out that very short messages may cause a day IP ban, which can be used to separate a given node or the entire network from anonymity services such as proxy servers or Tor. If the Bitcoin community wishes to use Tor, this part of the protocol must be reconsidered.”
Experts at Tor Project speculated that a similar technique could have been exploited by law enforcement in the recent operation Onymous against black markets in the Tor Network, allowing authorities to persecute their operators.
(Security Affairs – Bitcoin, hacking)