Are Bitcoin Transactions Being Deanonymized?

About 250 fake nodes were created by a Swiss company to collect information about bitcoin transactions. The company says the nodes are now shut down, but does that make bitcoin privacy any better protected?

Photo: Chainalysis

Bitcoin has plenty of great features, and its openness is surely the best one. Anyone can build on the open-source network without asking for approval. This quality will probably make the cryptocurrency even more widespread and popular: popular enough to create comfortable conditions for some firms to use it in different and not always constructive ways.

It started a little more than a week ago with a thread on the BitcoinTalk forum, where a user named Evil-Knievel claimed that somebody appeared to be trying to control the bitcoin network using lots of nodes. The user said that hundreds of nodes belonging to one party appeared to be attempting to connect to everyone.

Greg Maxwell, a Bitcoin Core developer, replied to Evil-Knievel, asking for detailed information about the nodes under discussion. Maxwell then wrote that “this is moderately concerning.” He added that it could be “a rather ham-fisted sybil attack trying to trick nodes into leaking private data to them.” According to Maxwell, such an attack can damage wallets that have no protection against multiple output connections.

After a few days, the user named managed to pin down the entity owning all the aggressive nodes. The company’s name is Chainalysis; it is located in Schindelle, Switzerland, and is led by Michael Grønager, ex-Kraken COO, and Jan Møller, a former engineer at Mycelium.

The company’s website reads that “Chainalysis offers a service that provides financial institutions with the means to obtain regulatory compliance through real-time analysis of the blockchain.”

A day after’s discovery, Michael Grønager apologised for having caused trouble and explained some peculiarities of his company’s activity:

“We were preparing data for a blogpost on bitcoin traffic by volume btw different countries. We chose specifically to set up a number of nodes on the same /24 net to avoid any bitcoin or other vital parts of the network to be caught only on our nodes as we initially haven’t built the transaction forwarding into the probes.”

In addition, once the company learned that SPV nodes were affected, it claimed to have shut the nodes down. However, another interesting and informative thread, started on Reddit by user Rassah, sheds light on Chainalysis’ behaviour and on the situation in general:

“Mycelium Wallets use our own custom nodes to process the bitcoin blockchain and scan for address balances. These nodes were written by Jan Møller while he was the Lead Developer, along with our other devs. The job of these nodes is to parse the 30 gig Blockchain database into our own custom database, which is much larger, being over 100 gigs in size, but which allows for very quick and easy lookup of address balances, allowing for instant balance lookups and to do things like Cold Storage spending from paper wallets and Trezor. Note that this custom database doesn’t actually contain anything that’s not in the original blockchain database itself.

Jan Møller, our lead developer who did most of the work on the nodes, realized that the node-parsed blockchain database can be used to analyze bitcoin transaction activity, and help track transactions in the same way that our current financial institutions do (although with much less certainty). So he decided to have his own project that does just that, and has split off from Mycelium company last October.”

In an interview, another important member of Chainalysis, Chief Executive Officer Michael Grønager, was asked whether his company was trying to use its nodes to deanonymize transactions for its clients and/or for regulatory compliance. Mr. Grønager answered:

“We are not trying to reveal people’s IP addresses. In doing the [research on bitcoin transfer activity between countries] we see, however, a lot of ‘strange’ nodes connecting and scanning the network all the time, so don’t expect this activity not to happen at all and bear in mind that if you for whatever reason need to hide, you should only connect to bitcoin through Tor.”

Well, we’ve learned that bitcoin transactions are not anonymous and are far from private by definition. Bitcoin privacy needs to be protected, because it is only a matter of time before somebody attempts to turn the protocol’s advantages into its weaknesses. Still, there’s no reason to get angry with attackers: they just show that the Bitcoin community has to develop better defenses. It makes no sense to hope that everybody will be honest in a vulnerable decentralized system.
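
An added example, not from the article or from any project it mentions: a node operator's check for the pattern reported above, many peers arriving from one /24. It assumes peer records shaped like Bitcoin Core's `getpeerinfo` output (`addr`, `inbound`); the sample peers, the /48 grouping for IPv6 and the threshold of 2 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, shaped like entries from Bitcoin Core's `getpeerinfo`
# RPC (only "addr" and "inbound" are used). Documentation address ranges only.
SAMPLE_PEERS = [
    {"addr": "203.0.113.10:8333", "inbound": True},
    {"addr": "203.0.113.11:8333", "inbound": True},
    {"addr": "203.0.113.57:8333", "inbound": True},
    {"addr": "203.0.113.200:8333", "inbound": True},
    {"addr": "198.51.100.7:8333", "inbound": False},
    {"addr": "192.0.2.44:8333", "inbound": False},
    {"addr": "[2001:db8:1::5]:8333", "inbound": True},
    {"addr": "exampleonionaddress.onion:8333", "inbound": False},
]

def split_host(addr):
    """Strip the port from 'ip:port' or '[ipv6]:port'."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0]

def netgroup(addr):
    """Return the /24 (IPv4) or /48 (IPv6, assumed) network of a peer, or None."""
    try:
        ip = ipaddress.ip_address(split_host(addr))
    except ValueError:
        return None  # .onion or otherwise non-IP peers are not grouped
    prefix = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def crowded_netgroups(peers, max_per_group=2):
    """Map each network holding more than max_per_group peers to its counts."""
    groups = defaultdict(lambda: {"peers": 0, "inbound": 0})
    for peer in peers:
        group = netgroup(peer["addr"])
        if group is None:
            continue
        groups[str(group)]["peers"] += 1
        groups[str(group)]["inbound"] += int(bool(peer.get("inbound")))
    return {g: c for g, c in groups.items() if c["peers"] > max_per_group}

if __name__ == "__main__":
    for group, counts in crowded_netgroups(SAMPLE_PEERS).items():
        print(f"{group}: {counts['peers']} peers, {counts['inbound']} inbound")
```
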
