A Bitcoin developer reports that an unknown entity has been collecting the IP addresses of BTC users. The entity has not been identified, since it uses 812 separate IP addresses to hide its details while it collects the data.
The entity may be a single person or a group of people. It is thought that the entity may be linking the IP addresses of BTC users to its own IP addresses, which would violate the users' privacy.
This is one possible use of the collected data, although it has not been confirmed that this is what the entity is doing. Since the entity uses more than 800 different IP addresses, it can be assumed that it is making a considerable effort not to reveal its identity.
However, the entity is not new: its IP addresses have been active and in use since March 2018. They have also appeared in various public posts by Bitcoin node operators over the past several years.
The information was shared in a blog post by a Bitcoin app developer. The developer, who goes by the pseudonym 0xB10C, is behind many Bitcoin analytics websites.
These include Transactionfee.info and Mempool.observer. The developer has also previously received a Bitcoin developer grant from Brink.dev.
On a Twitter account under the same handle, 0xB10C posted that an entity active since 2018 was opening connections to many clearnet Bitcoin nodes.
The post added that the entity was also on a Monero ban list. The developer named the entity LinkingLion.
The post went on to say that the entity was presumably attempting to link transactions to node IPs, and speculated that it might be a chain analysis company trying to enhance its product.
The Twitter post contained a direct link to the blog post, which was published on March 28, 2023. The blog post describes and discusses the behavior of the entity: after opening connections to Bitcoin nodes, it listens to transaction announcements.
The connections were opened from four IP address ranges. It is possible that the entity is linking newly broadcast transactions to node IP addresses.
The developer said that an entity making many short-lived connections per second to multiple nodes on the Bitcoin P2P network had been observed before. That entity was referred to as the Inbound Connection Flooder.
The short-lived connections could be a means to the entity's ultimate goal. The post said that the current thinking is that the entity was tracking transaction propagation to find out which transactions were broadcast by which node, in order to link transactions to IP addresses.
The observations about the entity raise many questions, all of which the developer answered in the discussion section.
Here is an overview of the significant questions.
One of the most frequently asked questions was whether the connections were opened through a VPN service. The answer said that, based on ARIN registry information, the IP range used by the entity belongs to a company called CastleVPN.
This could mean that a VPN service was enabling the connections. The IP ranges other than the primary one could also be used as VPN endpoints, which could explain why multiple software configurations share the same IP address.
Another question asked how to prevent this from happening again. Banning the IP address ranges that the entity used to make inbound connections to nodes was cited as a short-term measure.
Node operators can ban the IP address ranges to protect their nodes from the entity. Another option cited was contacting the abuse contacts of the owners of the IP ranges.
However, both of these solutions are only useful for a short period of time. The entity can always change its IP ranges or route its traffic through a different AS. The underlying reason all this is possible is that transactions can be linked to IP addresses.
To resolve the problem altogether, the initial transaction broadcast and transaction rebroadcast logic in the Bitcoin network and Bitcoin Core would have to change.
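The short-term ban described above, sketched as an added example that is not taken from the blog post or from Bitcoin Core: it matches inbound peers from `bitcoin-cli getpeerinfo` output against operator-supplied ranges and renders the corresponding `setban` calls. The ranges and peer records are constructed placeholders (documentation address space), since this article does not list the entity's actual ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed placeholders (RFC 5737 / RFC 3849 documentation ranges); this
# article does not list the entity's ranges, so substitute the real ones.
SUSPECT_RANGES = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]

# Constructed sample shaped like `bitcoin-cli getpeerinfo` output (fields trimmed).
SAMPLE_PEERS = json.loads("""[
  {"id": 1, "addr": "192.0.2.17:51234", "inbound": true},
  {"id": 2, "addr": "192.0.2.90:40022", "inbound": true},
  {"id": 3, "addr": "203.0.113.5:8333", "inbound": false},
  {"id": 4, "addr": "[2001:db8::beef]:60111", "inbound": true},
  {"id": 5, "addr": "abcdefexample.onion:8333", "inbound": false}
]""")


def peer_ip(addr):
    """Extract the IP from 'a.b.c.d:port' or '[v6]:port'; None for Tor/I2P names."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def match_inbound(peers, ranges):
    """Map each suspect range to the ids of inbound peers connecting from it."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    hits = {}
    for peer in peers:
        ip = peer_ip(peer["addr"])
        if ip is None or not peer.get("inbound"):
            continue
        for net in nets:
            if ip.version == net.version and ip in net:
                hits.setdefault(str(net), []).append(peer["id"])
    return hits


def ban_commands(hits, bantime=86400):
    """Render one setban call (24-hour ban by default) per range actually seen."""
    return [f'bitcoin-cli setban "{net}" add {bantime}' for net in sorted(hits)]


if __name__ == "__main__":
    for cmd in ban_commands(match_inbound(SAMPLE_PEERS, SUSPECT_RANGES)):
        print(cmd)
```

Only ranges with a live inbound match produce a command, so the output doubles as a check of whether the node is currently being contacted from those ranges.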
Similar incidents have happened in the past, and when the entities behind them were identified, they turned out to be individuals or groups messing with the open network.
In some cases they were companies operating for profit, collecting data to sell to other companies, law enforcement institutions, or research firms.