Researchers at the University of Luxembourg say it is now possible to unmask the people behind Bitcoin transactions in the ever-growing dark web market by exploiting a by-design vulnerability in the Tor network. Experts have yet to observe this kind of attack, but there is wide speculation that the feds employed it in Operation Onymous.
For years, the anonymity of Bitcoin transactions has intrigued the world, but now researchers at the University of Luxembourg say it is possible to de-anonymize the virtual currency and unmask the faces behind each transaction on dark web marketplaces such as Silk Road 2.0 or Evolution.
In a paper titled "Deanonymisation of clients in Bitcoin P2P network", the researchers demonstrate how easy it is to figure out the IP addresses of people making Bitcoin transactions on the peer-to-peer Bitcoin network by exploiting a design flaw in the Bitcoin system.
It all starts with a ‘malformed message’ which causes a denial of service on the Bitcoin peer-to-peer network. Normally, if the penalty score of an IP address on the Tor network exceeds 100, the user is immediately banned for 24 hours. Now, here is the catch: once the Bitcoin user is banned from accessing the Bitcoin servers using Tor, they will switch to the normal network, oblivious to the fact that they are falling into the de-anonymisation trap.
At this point, every IP address connecting to the Bitcoin server is broadcast to the attackers. “Once the hacker knows this address, he can trick the Bitcoin server into revealing the IP address of the user,” states Mary-Ann Russon in the International Business Times, adding that the de-anonymisation process could cost as much as $2000.
“The crucial idea of our attack is to identify each client by an octet of outgoing connections it establishes. This octet of Bitcoin peers [entry nodes] serves as a unique identifier of a client for the whole duration of a user session and will differentiate even those users who share the same NAT IP address,” say the researchers, adding that the attacker needs to receive transactions from only two or three entry nodes and with “very high probability link the transaction to a specific client.”
Security experts have yet to observe attacks exploiting this vulnerability, but it's clear the anonymity of Bitcoin is a myth that can be easily subverted. According to the experts, the anonymity features of Bitcoin are not worth the stone they are written on because they largely depend on the security of Tor. “In particular, we emphasize that the stable set of only eight entry nodes is too small, as the majority of these nodes’ connections can be captured by an attacker,” say the researchers.
The bulk of the problem lies with the authentication process on the Bitcoin network, which allows the blacklisting of all seemingly misbehaving IP addresses without verifying the source of the traffic. “We figured out that very short messages may cause a day IP ban, which can be used to separate a given node or the entire network from anonymity services such as proxy servers or Tor. If the Bitcoin community wishes to use Tor, this part of the protocol must be reconsidered,” the researchers conclude.
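The ban rule described above (a penalty score over 100 bans the source IP for 24 hours, with no check on who is actually behind that address) can be modelled in a few lines to show why everyone sharing a Tor exit or proxy address is cut off together. This is an added example, not code from the paper or from any Bitcoin software; the class names, the constructed address 203.0.113.7 and the `SharedAwareBans` variant are assumptions made for illustration, the latter being one hypothetical way the rule could be reconsidered.

```python
BAN_THRESHOLD = 100            # penalty score named in the article
BAN_SECONDS = 24 * 60 * 60     # 24-hour ban named in the article


class IpKeyedBans:
    """Simplified model of the described behaviour: score and ban per source IP."""

    def __init__(self):
        self.scores = {}        # ip -> accumulated penalty
        self.banned_until = {}  # ip -> time (seconds) at which the ban expires

    def accepts(self, ip, now):
        return now >= self.banned_until.get(ip, 0)

    def penalise(self, ip, conn_id, points, now):
        """Return the action taken: 'none', 'ban_ip' or 'drop_conn'."""
        self.scores[ip] = self.scores.get(ip, 0) + points
        if self.scores[ip] <= BAN_THRESHOLD:
            return "none"
        self.scores[ip] = 0
        self.banned_until[ip] = now + BAN_SECONDS   # hits every user of this IP
        return "ban_ip"


class SharedAwareBans(IpKeyedBans):
    """Hypothetical variant: addresses known to be shared are never banned;
    only the offending connection is dropped."""

    def __init__(self, shared_ips):
        super().__init__()
        self.shared_ips = set(shared_ips)
        self.conn_scores = {}   # conn_id -> accumulated penalty

    def penalise(self, ip, conn_id, points, now):
        if ip not in self.shared_ips:
            return super().penalise(ip, conn_id, points, now)
        self.conn_scores[conn_id] = self.conn_scores.get(conn_id, 0) + points
        if self.conn_scores[conn_id] <= BAN_THRESHOLD:
            return "none"
        del self.conn_scores[conn_id]
        return "drop_conn"


def bystander_reachable(policy, shared_ip, now=0):
    """One connection behind shared_ip misbehaves; can another user still connect?"""
    for _ in range(3):          # constructed penalties: 3 x 50 = 150
        policy.penalise(shared_ip, "conn-1", 50, now)
    return policy.accepts(shared_ip, now + 60)
```

With the IP-keyed policy the bystander is locked out for the full 24 hours, which is the condition that pushes a user off the anonymity service; with the shared-aware variant the address stays reachable.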