Bitcoin over Tor isn't a good idea

TL;DR

Using Tor with Bitcoin introduces significant security vulnerabilities, enabling attackers to control information flow, link transactions, and perform double-spending, thereby compromising user anonymity and network integrity.

Contribution

This paper demonstrates that combining Tor with Bitcoin creates attack vectors allowing full control over user transactions and network behavior, which was not previously well understood.

Findings

Attackers can link transactions regardless of pseudonyms.

Control over relayed blocks and transactions is possible.

Double-spending attacks can be facilitated through this setup.

Abstract

Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transaction are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can \ delay or discard user's transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly.