An unknown entity has been linking Bitcoin addresses with their IPs
The entity that has received the name "LinkingLion" has been operational since 2018 and its origin has not been identified.
A blockchain-analyzing corporation could be behind the anonymous entity that has been opening connections to Bitcoin nodes and listening for announcements of transactions. The entity would be linking which Bitcoin address belongs to a particular IP address.
According to the Bitcoin developer, who identifies himself as 0xB10C, the unknown entity has been trying to collect IP addresses since 2018, when its first activity was detected. The developer has given the name to the LinkingLion entity, since it uses connections through the LionLink data center, in the United States.
In order to identify user data, the entity uses IP addresses to open connections with nodes in the Bitcoin network and ask what software (wallet) users are using. If the entity receives a version number, 82% of the time contact ceases, but in the remaining 18% of cases it listens to messages containing transactions or requests an address.
0xB10C argues that this could be a way to determine which node received a transaction first, and then use that information to determine the IP address associated with a particular Bitcoin address. Although it cannot be known for certain who is behind this activity, 0xB10C believes that it is unlikely to be a person due to the cost of the servers and the IP addresses they are logging.
The developer, in his report, believes that it is most likely a blockchain analytics company, such as Chainalysis, paying for such resources to collect data that can be sold or used to improve their existing product. .
However, 0xB10C describes that it is still not clear if this type of behavior is from a single entity or company, however, the data collection pattern is the same in each of the analyses.
How to prevent this type of situation
The Bitcoin network is open. Transactions circulate through a digital system that anyone with internet access can see, this allows entities like LinkingLion to have access to their users' data.
When a transaction is sent through a wallet installed on the mobile phone, it connects to a network node, for this it is necessary to share the IP address of the connection, and this is where LinkingLion collects said information.
To prevent these scenarios, some Bitcoin wallets, such as Cake Wallet or even Trezor, as reported by CriptoNoticias, have activated privacy options that allow Internet connections to be made via the Tor network. This makes it possible to hide the original IP address of the user, in a network fabric, difficult to trace.
Even the Bitcoin Core nodes already have, since version 22.0, the possibility of connecting via Tor and even through I2P, another private internet connection protocol.