Although it is often claimed that transactions made with cryptocurrencies can be anonymous, there is a trail of information that can lead investigators or attackers to obtain the IP address of the users of these networks. How vulnerable are these types of Bitcoin and Monero operations?
As published by researcher Justin Ehrenhofer, the analysis of IP metadata is nothing new, and attempts have been made to address it using the privacy features of Tor, particularly in the case of Bitcoin Core. In this case, the metadata is handled privately through the Tor browser, raising the level of anonymity of the person who executes the transactions.
However, this solution is still insufficient, especially because the very functioning of the network - in particular the propagation of transactions across the network - can expose this metadata to nodes that do not use the same kind of privacy protection. In this way, the user's effort to protect themselves would be wasted and their IP would be recorded, along with the rest of the metadata that is kept with the transactions.
Thus, although these efforts have helped to raise the level of anonymity when making transactions, the record on the chain, the public exposure of information and this metadata remain a difficult frontier to cross, especially in cryptocurrencies with public chains, such as Bitcoin.
Taking this into account, Ehrenhofer set out to show the number of nodes that attackers would need to control in order to have a chance of capturing users' metadata, both in Monero, a privacy-focused cryptocurrency, and in Bitcoin.
Monero has approximately 3,200 nodes and, since monerod connects to 8 nodes by default, an attacker only needs to control at least 1 of every 8 connections, and can obtain a considerable amount of information with a relatively small number of nodes.
In the case of Bitcoin, which currently has almost 10,000 nodes, and since the Bitcoin Core client - the most widely deployed on this chain - also makes 8 outgoing connections by default, an attacker would need to control about 1,000 nodes in order to connect directly to half of all nodes and collect the metadata.
In both cases, an attacker or group of attackers able to compromise just over 10% of the nodes in the network would have direct access to the metadata handled by at least half of the network, allowing them to track and establish links between users' IP addresses and their transactions. This could lead to the full identification of these users.
However, this was a theoretical exercise by Ehrenhofer, who pointed out that server hosting companies such as Amazon and Digital Ocean probably control a notable percentage of all the nodes in the network, so they could be a target for an attack of this nature.
In addition, he warned that this type of attack becomes especially powerful when the attackers control around 20% or more of the total number of nodes in the network, although the investment of resources it would require could reduce that possibility.
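As an added illustration (not from the article and not part of Ehrenhofer's published analysis), the following Python estimates the share of a network's nodes that would have at least one outbound connection to an attacker-controlled peer, using the figures the article cites: 8 default outbound connections, roughly 3,200 Monero nodes and roughly 10,000 Bitcoin nodes. It assumes a client picks its outbound peers uniformly at random from the other nodes, which real clients only approximate; the function names and the helper that finds the minimum number of attacker nodes for a target exposure are my own. A node operator can use the same arithmetic to judge how much of the network's IP metadata a given hosting provider or peer set could observe, and why routing outbound connections exclusively through Tor, as described above, is what removes the IP from that picture.

```python
"""
Exposure estimate for peer-to-peer transaction relay (added example).

Model assumption (not from the article): each node chooses `outbound` peers
uniformly at random, without replacement, from the other nodes, and the
attacker's nodes are a uniform subset of the network.
"""
from math import prod


def exposed_fraction(total_nodes: int, attacker_nodes: int, outbound: int = 8) -> float:
    """Probability that an honest node has at least one attacker-controlled
    peer among its outbound connections (exact, hypergeometric)."""
    if outbound < 1 or not 0 <= attacker_nodes <= total_nodes:
        raise ValueError("invalid parameters")
    honest = total_nodes - attacker_nodes
    # An honest node picks from honest - 1 other honest nodes plus the attacker's.
    if honest - 1 < outbound:
        return 1.0  # not enough honest peers to fill every slot
    p_all_honest = prod(
        (honest - 1 - i) / (total_nodes - 1 - i) for i in range(outbound)
    )
    return 1.0 - p_all_honest


def exposed_fraction_approx(attacker_share: float, outbound: int = 8) -> float:
    """Same quantity via the with-replacement approximation 1 - (1 - f)^k,
    which is what the article's '10% of nodes -> half the network' reflects."""
    if not 0.0 <= attacker_share <= 1.0 or outbound < 1:
        raise ValueError("invalid parameters")
    return 1.0 - (1.0 - attacker_share) ** outbound


def min_attacker_nodes(total_nodes: int, target_fraction: float, outbound: int = 8) -> int:
    """Smallest number of attacker nodes for which the exposed share of honest
    nodes reaches target_fraction (binary search; exposure grows monotonically)."""
    lo, hi = 0, total_nodes
    while lo < hi:
        mid = (lo + hi) // 2
        if exposed_fraction(total_nodes, mid, outbound) >= target_fraction:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    # Scenarios drawn from the article's node counts; attacker sizes are constructed.
    scenarios = [
        ("Monero, 1 in 8 nodes", 3200, 400),
        ("Bitcoin, ~10% of nodes", 10000, 1000),
        ("Bitcoin, 20% of nodes", 10000, 2000),
    ]
    for label, total, attacker in scenarios:
        share = attacker / total
        print(f"{label}: exact {exposed_fraction(total, attacker):.1%}, "
              f"approx {exposed_fraction_approx(share):.1%}")
    print("Bitcoin nodes needed to reach half the network:",
          min_attacker_nodes(10000, 0.5))
```

The exact and approximate figures agree to within a fraction of a percent at these network sizes, so the simple formula 1 - (1 - f)^8 is good enough for back-of-the-envelope risk estimates; it also shows why the picture changes sharply at 20% control, where more than four in five honest nodes have at least one attacker peer.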
Follow me on: @desocrates