New Tool TorBan Helps Monitor Bitcoin-Over-Tor Attacks

A privacy researcher has created a monitoring tool called TorBan to check for attacks on bitcoin users over Tor.

AccessTimeIconNov 11, 2014 at 6:37 p.m. UTC
Updated Aug 18, 2021 at 3:28 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Days after researchers described an attack that could reveal the identities of individuals who used bitcoin over the Tor anonymity network, a privacy advocate has developed a tool to monitor the occurrence of that attack.

The tool, TorBan, is a website that gives information about the Tor exit nodes currently connected to the bitcoin network.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • If all the connections are fresh, users should be wary of a privacy-invading attack like the one described by the Luxembourg researchers, TorBan's creator Kristov Atlas said, adding:

    "If you see a bunch of new nodes never seen before, and all of the ones that have been seen for a long time are no longer seen, that's suspicious."

    Atlas said he was inspired to write TorBan by the University of Luxembourg paper, which was written by Ivan Pustogarov and Alex Biryukov, of the university's cryptology research group.

    The paper outlined an attack that could unmask a bitcoin user who connected to the digital currency's network using Tor.

    Banning Tor networks

    nov-11-torban

    The privacy incursion relies on exploiting the bitcoin protocol's built-in protection against denial-of-service (DoS) attacks, which bans clients that it thinks are DoS-ing it. By DoS-ing bitcoin servers from the Tor network, an attacker would cause all Tor exit-nodes to be banned from the bitcoin network.

    The attacker can then run their own Tor exit nodes or bitcoin servers, waiting for a victim to connect. Victims are susceptible because they wind up using the attacker's Tor exit-node or her bitcoin server because all legitimate exit-nodes would have been banned by the bitcoin network.

    TorBan traces the history of exit-nodes connected to the bitcoin network. If all the nodes are new, it could indicate that a malicious actor has triggered a ban of Tor exit-nodes by bitcoin servers, setting the stage for an attack.

    Atlas said he wrote TorBan quickly as a "proof of concept" that the Luxembourg attack could be easily detected.

    He added:

    "The attack relies on the use of public information. We can use that public information to detect such attacks."

    While TorBan doesn't prevent the attack, Kristov pointed out, it can serve as a useful warning system. He said preventing an attack would fall to the bitcoin core developers.

    Pustogarov, a co-author of the Luxembourg paper, previously told CoinDesk that the attack could indeed be easily monitored. He welcomed Atlas' work with TorBan, noting that it contributed to a better understanding of the degree anonymity afforded by bitcoin use.

    "I can only encourage it. It is a small project designed to detect a very specific attack. But many small projects like this will finally create the big picture," he said.

    User identities important for attacks

    Painting a clearer picture of anonymity and privacy issues in bitcoin is just what Atlas hopes to achieve with TorBan, which is just one of the programmes running under the Open Bitcoin Privacy Project banner. That's a loose grouping of six software developers working on bitcoin and privacy matters.

    Other Open Bitcoin Privacy Project efforts include CoinJoin Sudoku, which evaluates the privacy levels of Blockchain's mixing service SharedCoin, and Open Bitcoin Privacy Library, a framework for analysing privacy on the blockchain.

    Atlas underlined the imminent danger of ignoring privacy issues in the bitcoin economy. He said that even though the Luxembourg attack couldn't steal a victim's funds, instead only potentially de-anonymising a bitcoin user, it could still play an important role in a malicious actor's arsenal.

    "Every hacker in the world ... builds a profile of their target first. There's an information gathering phase for anyone doing this kind of security work. I think bitcoin privacy is not well protected at the moment; information about where people's assets are and how much they have is really useful information," he said.

    Featured image via g4ll4is / Flickr

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.



    Read more about