As per the application developer of the Bitcoin network who goes by the name 0xB10C, the security of personal information of Bitcoin wallet owners is under threat.
A group or an individual named LinkingLion has been gathering data on Bitcoin owners since March 2018 and has used over 800 different IP addresses to hide their identity, warns 0xB10C.
The LinkingLion group creates a TCP connection to the Bitcoin node and triggers a version verification by sending a message known as ‘version.’
The version messages consist of vague user agents like /bitcoinj:0.14.3/Bitcoin Wallet:4.72/, /Classic:1.3.4(EB8)/, or /Satoshi:0.13.2/. In total, LinkingLion has utilized 118 different user agents, most of which seem to be fake as they appear in the release notes with the same frequency.
According to 0xB10C, this group uses four IP address ranges to establish connections to several nodes on the Bitcoin network and listens for transaction announcements. It then associates new broadcast transactions with host IP addresses.
LinkingLion seems to be determining whether a specific node is reachable at a particular IP address. As these IP address ranges have similar behavior, 0xB10C presumes they are controlled or leased by LinkingLion.
The LinkingLion group receives metadata, inventory, and addresses from the nodes it connects to, which includes information about the software version running on a node, its availability status, its block height, and the services it offers.
Based on this information, LinkingLion can identify the IP address associated with a specific Bitcoin address. To prevent this privacy breach, 0xB10C recommends creating an open-source block list that nodes can use to block LinkingLion from connecting.
However, LinkingLion may try to bypass the deny list by changing its IP addresses. 0xB10C suggests disabling the IP address ranges used by LinkingLion for incoming connections to hosts as a short-term solution, but the only permanent remedy would be to change the transaction logic in Bitcoin Core.
As per the Kaspersky Lab report of 2022, almost 200,000 attempts have been made to steal data from cryptocurrency wallets and crypto investor accounts.