Security researchers may have broken Bitcoin’s ability to let users make anonymous transactions with the cryptocurrency, according to Bank Info Security.
Three researchers from the University of Luxembourg say their techniques can be used to determine the identity of anonymous Bitcoin users between 11-60 percent of the time. The attack links the Bitcoin public keys with the IP address of the Bitcoin user, which then could be linked with an individual.
The attack, which uses equipment costing about $2,000, can be used even when multiple users share a single IP address through network address translation or are behind firewalls, and sometimes when the Tor anonymous network is used.
Bitcoin’s developers have never promised absolute anonymity, and every Bitcoin transaction is publicly logged. That means over time transactions might be tied to specific Bitcoin wallets, and wallets back to people. The new technique, if it works consistently, would significantly speed up that kind of tracking.
The reduced anonymity may make Bitcoin less attractive to criminals and terrorists, who increasingly use Bitcoin to sidestep controls on international payments. “Although generally designed for legitimate use…Bitcoin is beginning to feature heavily in police investigations, particularly in cases of ransomware and extortion,” according to Europol’s September 2014 Internet Organized Crime Threat Assessment. Criminal and terrorist users reportedly range from drug and child pornography traffickers to ISIS.