Scam Alert

Bitcoin Users’ Data Was Stolen By An Entity Using 812 Different IP Addresses

Key Points:

  • A mystery entity may be gathering Bitcoin users’ IP addresses and correlating them to their BTC addresses, thereby infringing on their privacy.
  • The entity has been active since March 2018, and it connects to Bitcoin full nodes using a variety of 812 distinct IP addresses.
  • By altering the IP addresses it uses to connect, the entity might get around list that nodes can use to ban LinkingLion from connecting to them.
An unknown person or group called LinkingLion may be collecting the IP addresses of Bitcoin users and linking them to their BTC addresses, violating the privacy of these users, according to a blog post from pseudonymous Bitcoin app developer 0xB10C.

The entity has purportedly been gathering data since March 2018 and has used a variety of 812 different IP addresses to conceal its identity.

0xB10C calls the entity LinkingLion because the IP addresses from three IPv4/24 ranges and one IPv6/32 range connect to listening nodes on the Bitcoin network, and these IP address ranges are all announced by AS54098, LionLink Networks. However, the ranges belong to different companies based on ARIN and RIPE registry information.

This behavior may indicate that the entity is trying to determine if a particular node can be reached at a particular IP address.

Fork Networking and Castle VPN are US-based companies owned by the same person. Fork Networking offers hosting and colocation services, while Castle VPN is a VPN provider. Linama UAB is a Lithuanian company with no web presence. Data Canopy is a US-based company offering cloud and colocation data centers. Since the connections from these IP ranges share very similar behavior, 0xB10C assume they are controlled or rented by the same entity.

0xB10C stated that about 15% of the time, LinkingLion doesn’t close the connection immediately. Instead, they either listen for inventory messages that contain transactions or send a request for an address and listen for both inventory and address messages. They then close the connection within 10 minutes.

The behaviour indicates that the entity may be recording the timing of transactions to determine which node first received a transaction. This information can then be used to determine the IP address associated with a particular Bitcoin address. According to 0xB10C, the entity can use that information to link broadcast transactions to IP addresses.

0xB10C is the developer of several Bitcoin analytics websites, including Mempool.observer and Transactionfee.info. They have also been awarded a Bitcoin developer grant from Brink.dev in the past.

To help protect the community from this privacy threat, 0xB10C has produced an open-source ban list that nodes can use to ban LinkingLion from connecting to them. However, the entity could circumvent this ban list by changing the IP addresses it uses to connect. In 0xB10C’s view, the only permanent solution to the problem is to change the transaction logic within Bitcoin Core, which developers have so far been unable to do.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Recent Posts

Polymarket User ‘Walletmobile’ Risks $10 Million on Trump’s Victory

Polymarket user identified only as "wallet mobile" has just made an astonishing bet of $10…

2 mins ago

Binance CEO Richard Teng: The West Will Still Dominate Finance

Binance CEO Richard Teng stated that Western companies will benefit most due to regulatory influence.

13 mins ago

FTX License Suspension Extended by Cyprus SEC Until May 2025

The Cyprus Securities and Exchange Commission announced that the Cypriot Investment Firm (CIF) FTX license…

41 mins ago

VanEck Pyth ETN Now Available in Europe

The VanEck Pyth ETN, backed by assets stored in cold storage with Bank Frick, has…

1 hour ago

Swift, UBS, Chainlink Complete Pilot for Global Tokenized Fund Settlement Network

Swift, UBS Asset Management, and Chainlink have completed a proof-of-concept that would settle tokenized fund…

1 hour ago

Jambo and Lif3 Partner to Make Crypto Payments Accessible to Millions of Users in Emerging Markets

Abu Dhabi, United Arab Emirates, 5th November 2024, Chainwire

1 hour ago

This website uses cookies.