A new report by the University of Luxemburg has emerged, saying researchers have “proven” that Bitcoin transactions can be linked to specific IP addresses and user identities traced.
The document, published following the Association for Computing Machinery Conference on Computer and Communications Security earlier this month, includes details of experiments carried out to demonstrate the susceptibility of the Bitcoin network to security breaches. In addition, it is alleged that using services such as Tor is insufficient to prevent identity tracking.
“Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs,” the report states. “They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a neutral countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the Bitcoin network.”
The report was compiled by Alex Biryukov, Dmitry Khovratovich and Ivan Pustogarov from the university’s Computer Science and Communications Research Unit.
In addition to citing and demonstrating the risks, the researchers highlight possible solutions to the problem, highlighting however the need for certain aspects of protocol to be adjusted.
The research team added:
“Our attacks require only a few machines and have been experimentally verified. The estimated success rate is between 11% and 60% depending on how stealthy an attacker wants to be.”
As reported in the International Business Times, the exact method for an attack involves a multi-step procedure which takes advantage of automatic 24-hour blocking of user IP addresses, which send malformed messages and accrue penalties.
“It shows that the level of network anonymity provided by Bitcoin is quite low. Several features of the Bitcoin protocol makes the attack possible. In particular, we emphasize that the stable set of only eight entry nodes is too small, as the majority of these nodes' connections can be captured by an attacker,” it is highlighted.
Reactions from Bitcoin core developers are expected in due course. With attention increasingly focusing on the strength and stability of Bitcoin’s core infrastructure, any revelations proven to be a genuine threat will be unwelcome news.
Did you enjoy this article? You may also be interested in reading these ones: