'LinkingLion': An Entity Linking Bitcoin Transactions to IPs?

An entity called 'LinkingLion' may be attempting to link bitcoin transactions to user IP addresses.

'LinkingLion': An Entity Linking Bitcoin Transactions to IPs?
  • The entity opens connections to many Bitcoin nodes using four IP address ranges and listens to transaction announcements.
  • This might allow the entity to link newly broadcast transactions to node IP addresses.
  • The entity has been active in some capacity since 2018 and is also active on the Monero network using the same IP address ranges. It’s unclear if the IP ranges are maybe endpoints of a VPN service.
  • The entity might be a blockchain analysis company collecting data to improve its products.
  • Transaction broadcast over privacy networks like Tor is not affected if done correctly. Some Bitcoin wallets with a strong focus on privacy implement similar features.
  • A short-term solution might be a banlist or reporting the entity’s behavior. Solving the root problem requires deeper changes to the P2P logic in bitcoin.
  • You can check if LinkingLion is connecting to your listening clearnet Bitcoin Core node by grepping for the addresses in the getpeerinfo output: 

    bitcoin-cli getpeerinfo | grep -E '162.218.65|209.222.240|91.198.115|2604:d500:4:1'

Original Post
Archive

The research has also led to a Journey to Sovereignty discussion on Twitter Spaces, which also has been released as a podcast episode on all major podcasting platforms including Fountain app.