UPDATE (14th March 16:18 GMT): Additional comment added from Chainalysis CEO Michael Grønager.
Compliance startup Chainalysis was forced to defend itself today after allegations its surveillance tactics had disrupted services and threatened the privacy of bitcoin users.
Three Bitcoin Core developers, Wladimir van der Laan, Peter Todd and Gregory Maxwell, say Chainalysis' actions amount to a so-called Sybil attack on the bitcoin network, something CEO Grønager denies.
As van der Laan told CoinDesk:
Grønager, by contrast, described the incident as an "unintended partial Sybil attack" as it affected relatively few and was "carefully tailored" not to cause harm to the core bitcoin network.
SPV clients affected
Speaking to CoinDesk, he maintained Chainalysis had no malicious intentions to disrupt the network's SPV (simplified payment verification) clients, the 'lightweight' bitcoin nodes that don't carry a full copy of the blockchain but rather rely on other trusted nodes for accurate network data.
As the app has no centralised server, each Breadwallet user connects to the blockchain directly. Hence, when a user's wallet came across one of Chainalysis' "misbehaving" nodes, it was prevented from syncing with the rest of the network.
"Since these nodes aggressively broadcast the other nodes behaving the same way, the user might get in a position where they would connect to a non-syncing node nearly every time," Breadwallet developer Aaron Voisine explained. Unlike full nodes, which use Bitcoin Core, SPV clients often lack protective measures in node selection, such as clustering by IP address range.
He added that while he doesn't believe the node behaviour was malicious, it was certainly "rude".
Other wallets have been less forgiving. Mycelium – where Møller still works as a consultant – penned a lengthy Reddit post on the subject that distanced the pro-anonymity project from Møller's new business venture.
The company has joined other node operators to block nodes in Chainalysis' IP range from connecting with its own. Meanwhile, Breadwallet has pushed an update to avoid all nodes that display nonstandard behaviour.
Unlike miners, which reward their owners with freshly-minted coins, bitcoin nodes are not financially incentivised, but are run for the health of the network itself.
The more 'full' nodes there are to store and relay bitcoin transactions, the fewer points of failure there are, and the more stable the network becomes.
the actions of Chainalysis threatened this stability, and could even amount to illegal activity – "exceeding unauthorised access" – under anti-hacking laws, including the US' Computer Fraud and Abuse Act (CFAA), though this hasn't been confirmed.
Speaking to CoinDesk, Core developer Peter Todd expressed his concerns about the legality of Sybil attacks, which he said have the potential to impact all of bitcoin's users.
Indeed, besides SPV clients, false nodes can make it harder for bitcoin's approximately 6,500 publicly accessible full nodes to sync up, find blocks and transmit transaction data, though fellow developer van der Laan denied hearing any reports of this for the Chainalysis nodes.
Chainalysis denies any malicious behaviour – "the accusations got a little out of hand," Grønager said – and rather points to its technology being used to help law enforcement, for example in tracking and locating stolen funds.
He told CoinDesk:
Anonymity vs compliance
The crux of the debate between Chainalysis and its critics centres around bitcoin's use: should it seek to serve financial institutions operating in heavily regulated environments, or those wishing to transact in privacy?
Chainalysis sides with the regulators. In providing what it calls 'automated transaction reporting', the company says it is helping bitcoin companies conform to existing money transfer regulations, including the travel rule.
This, Grønager said, will help bitcoin businesses get bank accounts and promote the currency's use among mainstream financial institutions.
However, others are questioning the reliability of these tools and the IP data they collect.
By finding the IP address of the first node that introduces a new transaction in the network, it is possible to guess its country using GeoIP. However, although there can be a weak correlation, receiving a transaction from a particular node does not mean that the individual running it was its creator, generally speaking.
"Their service cannot provide any guarantees, and many services have tried this before. What is new is how rudely they disrupt the network," said Wladimir, who stressed that this kind of analysis is, at best, a very unexact science.
Additionally, Todd cited past unconfirmed reports of inaccurate data leading to a user being arrested by police in 2013 after his IP address was falsely linked to criminal activity via blockchain sleuthing.
The IP debate
In a prepared statement, a spokesperson from the company said:
They added: "In short, Blockchain.info nodes are passive in nature, only record publicly available data, and confirm to the standard behaviour of nodes on the network."
Grønager is keen to differentiate between Chainalysis' service, which allows API customers to determine if a transaction originates from a 'safe' partner, from those who publicly share data about IPs that have run the bitcoin client.
"Chainalysis does not and will never share IP addresses or enable customers to buy such information, and we consider it highly problematic and unethical to engage in or facilitate that," he said, adding:
All IP data that passes into the bitcoin network can be masked by anonymising services such as Tor and CoinJoin, which advocates argue can help protect the identities of users, and may prevent future Sybil attacks.
“This is also a reminder to always use tor with Bitcoin 100% of the time (and to use a full node if you can), as that reduces the incentives to pull this kind of stunt,” Maxwell said in the original Bitcoin Talk post.
As long as Bitcoin continutes to provide relatively poor privacy, people will continue to try to create services that take advantage of this, he added.
If nothing else, the events of the past 24 hours hammer home that fact that bitcoin operates on 'user-selectable privacy' – by default it is no more secret than a google search from a home internet connection.
Whether this should be used to bring the protocol up to regulator's standards or be changed to protect user identities, is still up for debate.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.