While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymisers like Tor and motivates development of default Tor functionality for popular mobile SPV clients.

In this paper, the authors show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user’s transactions and blocks.

In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users
and then recognise them and learn their IP address when they decide to connect to the Bitcoin network directly.

This paper seeks to make two main contributions. Firstly, the authors show that using Bitcoin over Tor not only provides limited levelof anonymity but also exposes the user to man-in-the middle attacks in which an attacker controls which Bitcoin blocks and transactions the users is aware of. Moreover in collusion with a powerful miner double-spending becomes possible and a totally virtual Bitcoin reality may be created for such users (at least for a brief period of time).

The second contribution is a fingerprinting technique for Bitcoin users by setting an “address cookie” on the user’s computer. This can be used to correlate the same user across different sessions, even if he uses Tor, hidden-services or multiple proxies. If the user later decides to connect to the Bitcoin network directly the cookie would be still present and would reveal his IP address. A small set of Sybil nodes (about a 100 attacker’s nodes) is sufficient to keep the cookies fresh on all the Bitcoin peers (including clients behind NATs).

To discover more reasons why Bitcoin over Tor isn’t a good idea, download this paper.