en
Back to the list

Do you use Bitcoin? Someone might be spying on you – Cryptopolitan

source-logo  cryptopolitan.com 30 March 2023 12:45, UTC

A recent blog post by a pseudonymous Bitcoin app developer has revealed that an unknown entity may be collecting the IP addresses of Bitcoin users and linking them to their addresses. This is a violation of user privacy and could leave users vulnerable to surveillance.

The entity behind the spying: LinkingLion

The report describes the behavior of an entity called LinkingLion. The entity has been active in some capacity since 2018 and is also active on the Monero network using the same IP address ranges. It is not yet known who is behind this entity or what their motives are.

LinkingLion opens connections to many Bitcoin nodes using four IP address ranges and listens to transaction announcements. This might allow the entity to link newly broadcast transactions to node IP addresses. The report suggests that the entity might be a blockchain analysis company collecting data to improve its products.

LinkingLion uses IP addresses from three IPv4 /24 ranges and one IPv6 /32 range to connect to listening nodes on the Bitcoin network. The IP address ranges are all announced by AS54098, LionLink Networks.

The entity establishes a TCP connection to a Bitcoin node and starts the version handshake by sending a version message. It sends version messages with obscure user agents like /bitcoinj:0.14.3/Bitcoin Wallet:4.72/, /Classic:1.3.4(EB8)/, or /Satoshi:0.13.2/.

The entity uses 0 as the nonce for all connections and sets the transaction relay flag to receive information about new transactions we know.

The entity uses the full range of ephemeral ports (1024-65535), which deviates from the default behavior of many operating systems. The same IP address repeatedly connects, in some cases more than 50 times, before the entity switches to another IP address in the same address range.

After the handshake, a Bitcoin Core node sends a sendcmpct message indicating support for Compact Block Relay, a ping message, a feefilter message with the minimum feerate we’re interested in, and a getheaders message requesting new headers the peer might know.

The risk of Bitcoin spying

The risk lies in the fact that this entity might be able to track transaction propagation and determine which node broadcasts which transaction, to link transactions to IP addresses.

The entity may use this information to identify the real-world identities of Bitcoin users. The entity has been active since 2018 and may have already collected vast amounts of data on users.

It is crucial to take necessary precautions to protect your privacy when using the coin. You can reduce the risk of being tracked by using a Virtual Private Network (VPN) or Tor network to hide your IP address.

Additionally, avoid sharing identifying information, such as personal details, while using the cryptocueewncy. It is also advisable to use Bitcoin wallets that are privacy-focused, like Wasabi Wallet or Samourai Wallet.

The identity and motive of LinkingLion remain unknown, but the fact remains that it may be spying on Bitcoin users. This poses a significant risk to user privacy and could lead to surveillance. As a Bitcoin user, it is crucial to take steps to protect your privacy when using the crypto.

cryptopolitan.com