A Two-Stage Deanonymization Attack Towards Bitcoin Hidden Service Nodes

With the increasing popularity of Bitcoin, considerable attention has been paid to its privacy and anonymity. To protect users' privacy better from the P2P network perspective, Bitcoin encourages users to connect to the network through the anonymity network Tor. In this paper, we manage to prove that the combining of Bitcoin and Tor is easier to be exploited to deanonymize Bitcoin users. Specifically, we propose a two-stage deanonymization attack towards Bitcoin hidden service nodes, intending to reveal the IP addresses of the Bitcoin hidden services and identify their transactions. The experiments show that the node-level adversary and the gateway-level adversary both can correlate the IP address and the onion address of Bitcoin hidden services by shaping the traffic. On the premise of successful location deanonymization, the adversaries can identify the transactions from the target Bitcoin hidden service by delaying the packets. We also provide the theoretical analysis of the success probability and the countermeasures to mitigate this kind of attack.