Using bitcoin over the anonymity network Tor leaves users at greater risk of having their identities revealed, according to academics at the University of Luxembourg.
If that seemingly paradoxical finding isn't enough to scare privacy-loving bitcoiners, the researchers also determined that an attack could be mounted on an "economy" budget of just $2,500 a month.
Such an attack could expose the identity of a bitcoin and Tor user, and allow the attacker to meddle with the victim's transactions, they said.
Ivan Pustogarov, one of the two researchers working on the issue, explained:
Pustogarov said the paper is to be submitted for peer-review to be presented at a cryptography and information security conference.
'Virtual bitcoin reality'
The sort of manipulation described by the authors is known as a 'man-in-the-middle' attack (MitM) and, if successful, could reveal a user's IP address, which can be used to locate the user, and allow an attacker to 'glue', or correlate, the transactions performed by that user from different bitcoin addresses.
The paper states:
As a result, a victim would also be at the attacker's mercy regarding information about his transactions, since they would be able to delay or discard a victim's transactions or blocks.
In an extreme scenario, a bad actor could even dupe a victim into thinking they had received bitcoin when in fact they had not (a so-called 'double-spending attack'), Pustogarov said.
This sort of attack would have ramifications for privacy-seeking merchants, on dark web markets, for instance. A dark web merchant would also be at risk of being outed by rival businesses or disgruntled customers by such an attack.
Despite the MitM's ability to compromise a victim's privacy, it would not, however, be able to steal a victim's funds. Their wallet and transactions are safe, even if the attack was successfully mounted, the researcher confirmed, adding:
How the attack works
Pustogarov and Biryukov dreamed up the attack by focusing on a little-known aspect of the bitcoin protocol, its built-in protection against a denial of service attack (DoS). To protect themselves, bitcoin servers award points to clients that send them problematic transactions. When a client racks up 100 points, the server bans it for 24 hours.
In an earlier paper, also focused on anonymity risks on the bitcoin network, the authors described a way to exploit this DoS protection to prevent Tor from being used to connect to the bitcoin network.
They explained that, when a Tor user connects to the bitcoin network, his or her IP address is not revealed. Instead, the bitcoin server sees the address of the connected Tor 'exit node', a type of server. As a result, an attacker could send enough bad transactions over Tor to get all the exit nodes banned by the bitcoin network.
The authors build on that approach in their current paper. They say that a smart attacker could set up a number of bitcoin servers and Tor exit nodes before exploiting the DoS protection system to ban other Tor exit nodes from the bitcoin network.
When a victim uses Tor to connect to the bitcoin network, he will be left with only the attacker's bitcoin servers to connect to, since he has been banned by all other servers. The attacker is now in control of all the information relayed to the user.
Pustogarov and Biryukov estimate that the attack can be mounted for between $2,500 and $7,200 a month. This range would be required to guarantee sufficient bandwidth and/or multiple IP addresses for the attacks.
At the lower limit, an attacker could control a significant portion of Tor exit node bandwidth, allowing him to direct a victim to a malicious bitcoin server. With this amount of bandwidth, a victim would take under three minutes, on average, before connecting to a bitcoin server controlled by an attacker, Pustogarov said.
Detection and fixes
There is some good news, however. Pustogarov noted that such an attack could be monitored fairly easily, by creating a program to check the percentage of Tor exit nodes banned by the bitcoin network at any given time, explaining:
The paper also outlines some ways of countering the attack, although they all require fundamental changes to the bitcoin protocol. The DoS protection system could be changed so that it only runs on half of all servers, by random selection, at any given time, for example.
The use of Tor to increase anonymity with other applications has also proved problematic in some cases. For instance, earlier research showed that using BitTorrent, the popular decentralised file-sharing protocol, over Tor resulted in IP addresses getting leaked.
"Tor is not a panacea ... and not all applications are anonymised equally well when combined with Tor," the paper states.
Pustogarov is optimistic that continued research will dispel myths around the levels of anonymity afforded by the digital currency:
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.